It’s something many people admit to doing: they reuse the same password across a few different services.
Not judging you if you’ve done it. It’s easy to see why thousands of people do this every day. It feels like an easy way to get signed up to something.
If you reuse a password, you won’t have to go through the hassle of trying to remember it and needing to reset the password in the future. However, you only have to do this once, and you’re at big risk of something called credential stuffing.
This is where hackers get hold of millions of real usernames and passwords. These typically come from the big leaks we hear about in the news.
Once leaked, information from databases from major companies like Facebook, Twitter and LinkedIn can be bought on the dark web for pennies each.
And then they try all those details to see if they can login to other digital services. They use bots to stuff the credentials into the login box, hence the name.
Because it’s automated, they can sit back until their software manages to log into an account… and then they can do damage or steal money. Stats suggest that 0.1% of breached credentials will result in a successful login to another service.
The best way to protect yourself against this kind of attack is to never, ever reuse passwords.
Use a password manager to generate long random passwords, remember them for you, and auto-fill them. You only have to remember the password for your password manager.
The less hassle for you, the less likely you are to reuse a password. Consider giving a password manager to each of your staff as well.
And if you know you have reused passwords in the past, then you should really change all your passwords on all active services.