CRACKING THE PASSWORD

Still using one password for everything?

Marin Glibić
April 24, 2024
Business

00 INTRO

If a website where you have an account got hacked today, how many of your other accounts would be at risk?

Using the same password for multiple accounts isn’t a good idea. Imagine if a hacker cracks one of your passwords and that’s the same password you use for, let’s say, seven other accounts, including your email.

With access to your email account, a hacker can now access almost any account you used that email on. And things only go south from here.

01 protection is PRIORITY

Why is it about a password?

Passwords are like keys to our valuable possessions. That’s why cybercriminals are constantly motivated to crack them and gain access to our emails, online accounts, bank details and more.

Every day, hackers are working to crack passwords, so it’s almost inevitable that our passwords will end up on their lists at some point. But instead of panicking, we can take steps to reduce our risks by practicing responsible internet behavior.

02 issues

Challenges with passwords

Passwords need to be strong. But what does that mean?

They should be lengthy and random enough that trying to guess them would take an impractical amount of time – like, longer than the universe has even been around. But here’s the main problem. Passwords created by humans just aren’t good enough.

1. Weak passwords

People often come up with weak passwords. For example, an 8 character password can be cracked within 5 minutes. This means any combination of 8 characters can be easily compromised.

Quick check, are your passwords longer than eight characters? 😅 

But wait, now that I know 8 characters aren’t enough, I’ll create a super long password. It’ll be like a whole sentence that only I know, and I’ll mix in some numbers or symbols. That should do the trick.

My new password will be:

Dinam0KupVelesajamskihGrad0va1967.

This is way better than 8 characters, but it still two main problems:

  • First, a lot of people like Dinamo and remember winning a cup in 1967. So your password might not be as unique as you think.
  • Second, the average person has over 50 accounts online. That means you’d have to remember over 50 complex passwords.

Don’t think Hajduk is immune to this. There are the same problems with this password:

NikadViš3IgračaKaŠtaJeBiaB@ka

And unfortunately for all my Boston Celtics friends, the same issues are linked to the following password:

AnythingIsPossible2008!

2. Reusing passwords

Those lengthy passwords we talked about earlier? They’re long enough and easy to remember, which is great. But the trouble starts when we have to make a new, strong password for every new online account we create. Expecting ourselves to come up with unique passwords for each one that we can remember easily is just not realistic.

That’s why many people end up using one or two passwords for all their online accounts. And that’s a huge problem.

Hackers will crack your password for some random website where you registered while shopping for baby gear. Because that website might not have the level of security Google has. If you use that same password for your Gmail, hackers will easily gain access to your email as well. Especially since the username on both sites is your email address. 😅

You can see the issue here, right?

3. Websites that don’t care about security

So, about that baby gear site I mentioned earlier? Well, I signed up there recently and got my password sent to me in plain text via email. Not exactly Fort Knox-level security, right?

Here’s what this tells me:

  1. The site probably doesn’t care about security when it sends me my password via email like that.
  2. Now, Google’s got my password too, because Gmail reads all our emails. That’s the trade-off for a free email service, friends.
  3. If someone manages to hack into that website, they’re likely to get my password as well.
  4. If they breach the email provider of that site, they’ve got another easy route to my password.
  5. And hey, if an employee at the website decides to check sent emails – they’ve got it too.

Suddenly, there’s a lot of people who could get their hands on my password. And if I’ve been using that same password for my Gmail, yikes, that’s not good news.

Now, if I’d used that same password for, say, 40 other online accounts – the only sensible move would be to change all 40 passwords. Because if one gets compromised, they’re all at risk.

Just look at what happened with the Trapster app breach. According to this great article by Troy Hunt, bunch of Google accounts were hacked because of a security breach on some app that people downloaded and deleted couple of years ago.

The moral of the story? Don’t recycle passwords. Each one should be as unique as you are.

4. Attacks on well-protected sites

It’s not just the weak sites that hackers go after. Even the ones with strong security measures can be targeted. Hackers are always trying to steal personal info and passwords from sites with lots of users.

Even if a site has top-notch security, breaches can still happen. It’s not uncommon to hear about hackers getting hold of user data from these big websites.

It’s just how things are. We’ve gotta be ready to respond when these breaches happen.

5. Dictionary Attacks

Hackers have been at this game for so long that they’ve built up dictionaries of passwords. These lists contain the most commonly used passwords, and hackers use them to crack passwords quickly. Surprisingly, many of us use similar passwords.Despite our belief that we’re unique, these password lists show otherwise.

Even if we think we’re being clever by using details like our birthplace or favorite sports team in our password, chances are someone else has thought of it too.

So, passwords related to popular teams like Dinamo, Hajduk, or the Boston Celtics aren’t as unique as we might think. Just imagine how many fans those teams have and how many of them will come up with the same password!

03 what to do

Solution for passwords

Worried about managing all those passwords? Don’t be. There’s a simple fix: Password Managers.

Here’s how they work.

A password manager is like your personal password guardian. It generates strong, unique passwords for each of your accounts – passwords so complex you couldn’t possibly remember them all. And that’s the best part, you don’t have to. The password manager does the remembering for you.

It’s available on all your devices, so it can automatically fill in passwords whenever you need them. No more struggling to recall that random 32-character password. The password manager takes care of that.

All you need to remember is one master password – a strong one, of course, that you haven’t used elsewhere. With this master password, you unlock access to all your other passwords, securely stored by the password manager. It’s simple, elegant and, most importantly, secure.

Strong passwords

All my passwords have at least 32 characters and are very random. This means they’re quite hard to guess. Creating these passwords is extremely easy and I don’t have to remember them.

Unique passwords

When I discovered that the baby gear site emailed my password in plain text, I wasn’t concerned. It’s a lengthy, complex password that I’ve only used for that specific site.

Even if someone manages to crack that password, they won’t be able to exploit it elsewhere. Naturally, I made sure not to use any personal details on that website. Can’t be too careful, right? 😅

Keeping track of sensitive information

Passwords aren’t the only sensitive information we need to keep track of. Sometimes, it’s credit card details, Wi-Fi passwords, documents, software license keys, etc. Luckily, my Password Manager can securely store all of that.

But please be careful, don’t store your backup codes for two-factor authentication (2FA) in same place where your passwords are. If someone gains access to your password manager, 2FA could be your last line of defense.

Is it risky to keep all passwords in one place? 

Yes, there’s a slight risk, but it’s much lower compared to using weak passwords or reusing the same password everywhere.

Password management companies put a premium on security. They invest heavily to keep our passwords safe from attackers. That’s why using a password manager is a much safer choice.

Even if someone somehow gains access to all our passwords (which is highly improbable), we’ll have a record of all our accounts in the password manager, making it easier to generate new passwords where needed.

Also, you can always resort to using password manager and then add some pepper to your passwords. But I think password manager is ok on it’s own.

04 Final tips

Which password manager to use?

That’s a decision you’ll have to make for yourself. But some good ones are:

My family uses 1Password, and it’s been great for us. But honestly, any of the options on this list would be a solid choice.


Up next: Do this before you lose your phone