Password reuse continues to be an ongoing challenge for cybersecurity experts. Notably, employees reuse passwords an average of 13 times. Even if someone is using a strong password, if it’s stolen from a separate data breach, a seemingly secure account will be vulnerable to attack. Since 81% of breaches are caused by weak, reused, or stolen passwords, it’s important to keep staff educated on the risk and how to prevent it.
Table of Contents
What Is Password Reuse?
Password reuse involves using the same password for multiple accounts or services. Users who do it view it as saving time since they don’t have to remember as many unique ones. Some also combine reuse with weaker passwords, attempting to make the entire login process easier. Poor habits like that are a common cybersecurity risk to personal devices and businesses alike.
Why Password Reuse Is a Cybersecurity Risk
It can be a major cybersecurity risk, especially if it’s done across personal and work accounts. If a hacker gets the password from one place, they can quickly try it on other sites, too. Reuse is what caused the PayPal breach in December 2022. To put it another way, imagine if one key opened your house, car, and office. If someone stole that key, they could access everything rather than just one.
The problem gets worse because not all websites protect your password equally well. Plus, if you have the same one everywhere, you might not notice as quickly if someone has stolen it. That gives the attacker more time to do damage. The harm can be much more impactful, too, as you’ll have to work with each separate account or service to resolve any problems they cause.
Password Reuse Is Often the Desire for Convenience
Convenience is one of the biggest driving factors for password reuse. The average person must remember dozens of passwords for various websites, applications, and services. That can quickly become overwhelming, especially since best practices suggest each one should be unique, long, and complex. As a result, many people revert to using the same one or slight variations across multiple accounts.
Moreover, the desire for speed and efficiency in daily tasks further fuels the habit of password reuse. Whether busy at work or at home, many people often prioritize immediate access over security. This is particularly true when the perceived risk is low or the importance of the account is underestimated.
Lastly, the fear of forgetting a password and the hassle associated with account recovery can discourage users from creating unique ones. Even if it’s already strong, many have a false sense of security and assume it’s safe to use elsewhere. While that may be true in the short term, if it’s stolen from one account, it’ll still give a hacker access to all of them.
Password Managers Are an Effective Solution
Password managers offer an effective solution to the problem. By providing secure storage, they allow individuals to more easily manage their login details without memorizing them all. With just one master password, users can automatically fill in login fields across websites and apps, simplifying the sign-in process while enhancing security.
This tool reduces the temptation of password reuse and encourages the adoption of more complex and secure ones. While the biggest downside is that it does take time to set up, once each account is linked, it’s much quicker to log in, all while being more secure. That being said, 28% of users admitted to reusing their master password for other accounts. Doing so greatly reduces the protection it provides.
Passphrases Are Easier To Remember
If you struggle with long and complex passwords, consider using passphrases. They’re a series of unrelated words, such as SunsetClockRiverSmile, which many people find easier to remember than traditional passwords. They can be personalized for added strength, such as adding a few numbers at the end.
As discussed last month, passphrases can be nearly as strong as 14-character randomized passwords. Keep in mind that they’re only effective if they’re longer. One- or two-word passphrases aren’t secure enough. Four or more are highly recommended. While password managers can handle randomization, passphrases work well for any you need to remember but want to avoid writing down or storing in a document.
Tips To Develop Better Password Habits
Developing better password habits is crucial for enhancing online security and protecting personal information. Here are several strategies to help you create more secure ones to reduce the risk of reuse:
Regularly Update Passwords
Whether using a password or passphrase, change them regularly, especially for sensitive accounts like email, banking, and social media. That can help protect your information even if a service has been breached. For businesses, updating every 6 months at minimum is good practice. Outside of the workplace, do it as often as you feel comfortable. You shouldn’t go more than 1-2 years with the same password.
Take Security Questions Seriously
Treat security questions like additional passwords. Avoid answers that are easily found or guessed on social media. Doing so can help prevent people from being able to bypass account security, such as with social engineering. Consider using false but memorable answers to these questions.
Don’t Fall For Phishing Attacks
Be vigilant against phishing attempts, where scammers trick you into providing your passwords. Never click on suspicious links or provide your password in response to an unsolicited request, especially via email or messages. Your login details can be stolen even if you use a manager to autofill details.
Enable Multi-Factor Authentication (MFA)
Wherever possible, activate MFA for your accounts. Adding at least one extra layer of authentication when logging in reduces the chance of unauthorized account access. However, only around 60% of people use MFA for high-value accounts like banking or healthcare.
Avoid Using Personal Information
Avoid using readily available information, such as your name, birthday, or pet’s name, in your passwords. This type of information is often accessible to hackers and makes them much easier to guess.
Check for Breaches
Use services like Have I Been Pwned to check if your email or passwords have been part of a data breach. If you find your information has been compromised, change your passwords if you haven’t done it recently.
Avoid Password Reuse by Taking a Modest Approach
While we provided some insight into avoiding password reuse, everyone has different priorities and life factors. That can make some approaches more difficult than others. While secure passwords are essential, it’s also critical to avoid reusing them. When writing and managing passwords, consider what’s realistically doable for your situation. By being consistent and making even modest improvements, your accounts will be that much more secure. And as always, we recommend enabling MFA wherever possible.