I wrote about password reuse a while ago and I promised to follow up – I just didn’t promise to follow up quickly.
Today, LinkedIn suffered a massive security breach, and 6.5 million passwords were stolen. I went and I changed my password for a new one and I am done. You should do the same, but it doesn’t necessarily mean that you are done.
If you re-use your password, then you are in trouble. You may be really good about not writing down your password and not telling it to anyone… but the breach can happen on the other side. It’s trivial for a hacker to write code that tries every stolen username/password pair on many popular websites (Google, banks, Facebook, etc.). Out of 6.5 million passwords, I’m willing to bet they would have lots of success. You should really, really use a different password for each account you have.
Impossible to manage? No. Just use a password manager. I use 1Password on the Mac, iPhone and iPad. It stores all the passwords locally, securely encrypted. The browser plug-in for the desktop is really good, and the app for the iPad and iPhone is OK. It all synchronizes seamlessly. It’s an expensive solution, but having your bank account drained or your identity stolen will be way more expensive. There are other similar products, but I haven’t tried them.
…you are never 100% safe. But you can always do better.
And last, an admission: While I knew I was vulnerable because I was reusing just 2-3 passwords on all my online accounts, what prompted me to get serious was when I saw one of my passwords on this list. Shameful.
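The two checks this post amounts to, as an added example that is not the author's code: audit a password-manager export for reused passwords, and check each one against a leaked list of unsalted SHA-1 hashes (the form in which the LinkedIn hashes circulated). The vault contents and the leaked hashes below are constructed sample values, not real accounts or real leaked entries.

```python
import hashlib
from collections import defaultdict

def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the UTF-8 password, matching the dump's format."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

# Constructed stand-in for the leaked list: one line per hash. A real dump has
# millions of lines; read it once into a set so membership tests stay O(1).
LEAKED_SHA1 = {sha1_hex("linkedin2012")}

# Constructed vault, shaped like a password-manager export: account -> password.
VAULT = {
    "linkedin.com": "linkedin2012",
    "mail.example.com": "linkedin2012",      # reused with the breached site
    "bank.example.com": "Summer2012!",
    "shop.example.org": "Summer2012!",       # reused, but not in the dump
    "forum.example.net": "correct horse battery staple",
}

def find_breached(vault, leaked_hashes):
    """Accounts whose password hashes to a value present in the leaked list."""
    return sorted(a for a, pw in vault.items() if sha1_hex(pw) in leaked_hashes)

def find_reuse(vault):
    """Group accounts that share an identical password; keep groups of size > 1.
    Keyed by hash so the plaintext never needs to appear in a report."""
    groups = defaultdict(list)
    for account, pw in vault.items():
        groups[sha1_hex(pw)].append(account)
    return {h: sorted(accts) for h, accts in groups.items() if len(accts) > 1}

def audit(vault, leaked_hashes):
    """Rotation list: breached accounts first, then every reuse group, since one
    future breach of any member exposes the rest of its group."""
    return {
        "breached": find_breached(vault, leaked_hashes),
        "reused": sorted(find_reuse(vault).values()),
    }

if __name__ == "__main__":
    report = audit(VAULT, LEAKED_SHA1)
    print("rotate now (in the dump):", report["breached"])
    for group in report["reused"]:
        print("same password on:", group)
```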