Nagging. Every professional seems to nag us about something we’re supposed to be doing or not doing these days. The dental hygienist tells us not to drink coffee, tea or indeed anything but water, the car mechanic reminds us to change our oil and check our tyre pressures regularly, and of course our doctor recommends that we improve our diet and exercise more. We can often start feeling overwhelmed with all the things we’re supposed to be doing. This is why I try to keep advice simple and workable. I don’t want to add to your burden of things to remember. If I were to recommend one thing in cybersecurity for everyday people, I’d recommend that you use different passwords for everything. In short, I want password safety.
Why Should I Use Different Passwords?
If you were a security guard looking after ten separate buildings on your night shift, you would hope that there were separate keys for each building, and indeed each door. This is good practice because if you lost a single master key for all these buildings, then whoever found it would be able to access all of them. Whereas, if you only lost one key, they would only have access to the single building that key belongs to.
But there’s more. It’s about varying degrees of security on different websites. Large companies like Google, Apple and Microsoft can spend vast sums on hiring the best security experts in the world to make their systems safe. A local garden centre, however, can’t afford to spend millions of pounds (or dollars) on cybersecurity. Hackers will therefore usually target the weakest link in the chain. In this case, the easier target is the local garden centre website. Passwords can be taken from there either by adding some code that stores user passwords as users type them in during the login process, or because the garden centre has stored passwords in its database as plaintext (i.e. not encrypted).
Side note: Why do small businesses get hacked?
If your passwords are the same on all websites, then a hacker who has access to a set of emails and associated passwords from the garden centre website will usually try websites like eBay, Amazon, etc. to see if they can sign in using the credentials stolen from the garden centre website. If you had different passwords for everything at this stage, then the hackers would only have access to the garden centre website, so the damage they can cause is minimised (isolated to that single website).
Emails as Master Key
If someone has access to your emails, they can go through the forgotten password process on any website. This process usually sends a password reset link to your email address, which, when clicked, allows you to reset your password. This means that if someone has access to your email account, they have access to everything.
Hopefully you can now see the wisdom in having different passwords for everything. For this you will probably need a password manager (an application that remembers passwords so you don’t have to), or you will need to write them down in a book that you store in a safe place.
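For readers who like to see the reasoning worked through, here is a small added example (not part of the original article) that takes a made-up list of accounts and works out how many of them are exposed when one website is breached, first with a reused password and then with a different password for everything. The account names, passwords and function names are all constructed for illustration.

```python
import secrets

# Constructed sample vault (account name -> password). Not real credentials.
SAMPLE_VAULT = {
    "email": "Sunflower-42",
    "garden-centre": "Sunflower-42",
    "auction-site": "Sunflower-42",
    "bank": "k9-Tq-only-here",
    "streaming": "movie-night-7",
}


def blast_radius(vault, breached_site, email_site="email"):
    """Accounts an attacker can reach once breached_site leaks its password."""
    leaked = vault[breached_site]
    # Step 1: every account protected by the same password is exposed.
    exposed = {site for site, pw in vault.items() if pw == leaked}
    # Step 2: control of the mailbox means every "forgotten password"
    # link can be requested and clicked, so all accounts fall.
    if email_site in exposed:
        exposed = set(vault)
    return exposed


def with_unique_passwords(vault):
    """Same accounts, each given its own random password."""
    return {site: secrets.token_urlsafe(16) for site in vault}


def report(vault):
    """Map each account to the sorted list of accounts its breach exposes."""
    return {site: sorted(blast_radius(vault, site)) for site in vault}


if __name__ == "__main__":
    for label, vault in (("reused", SAMPLE_VAULT),
                         ("unique", with_unique_passwords(SAMPLE_VAULT))):
        print(label)
        for site, exposed in report(vault).items():
            print(f"  breach of {site}: {len(exposed)} account(s) exposed")
```

With the reused password, a breach of the garden centre exposes all five accounts because the email account shares that password; with unique passwords the same breach exposes only the garden centre account.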
Contact us if you want to improve the security at home or for your small business.