Online villains (bad actors) target passwords more so than any other means by which to maliciously gain access and information. Did you know that the average person today uses 191 online services and accounts that require login credentials (a username and a password)? That means there are over 15 billion sets of these credentials afloat in cyberspace.
Given there have been over 100,000 data breaches over time, that means these - your - credentials are possibly already on lists made available to bad actors.
Did you ever find a key fob in a parking lot and wander around clicking it to see if a car responded to your signal? That is kind of like what bad actors do with these lists of credentials they acquire because of all these data breaches. They do what is called “credential-stuffing.”
“Credential stuffing is a type of cyberattack where stolen account credentials typically consisting of lists of usernames and/or email addresses and the corresponding passwords are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.”
Of the 15 billion sets of credentials mentioned earlier, only 5 billion are unique. That means 2/3 of these credentials are using the same credentials for multiple accounts. That is great news for bad actors and bad news for everyone else.
The reality is simple, yet inconvenient … people should use a different password for every account. Period. No exceptions. Doing so mitigates the damage done when (not if) your credentials to one account are obtained against your will or knowledge.
Start today. Ensure every one of your online services / accounts have a unique - and strong - password. Sure, it is more work and certainly inconvenient. However, repairing the carnage from multiple account hacks will most certainly be more inconvenient.
And yes, if you do not have a password manager, it’s time to get one. Here is a great place to start.