November 27, 2012, 4:05 PM — I don't mean to alarm you, but -- well, actually I do. Your password strategy, if you have one at all, might be seriously out of date. In recent months, several well-publicized attacks on major online services exposed users' passwords. For example, in June 2012, more than six million LinkedIn passwords were stolen and posted online. Just over a month later, over 450,000 Yahoo passwords were leaked. Apart from the direct damage that can come from having one's password made public, these security breaches revealed that vast numbers of people follow dangerous password practices that can result in far worse problems.
If you haven't examined your approach to making and using passwords recently, now is a good time to rethink your assumptions. Here are a few important facts about passwords you may not have realized -- and what they mean for you.
Password reuse is a major danger
You know how it is -- every time you turn around, another website or online service wants you to create a new password. Because that's so tedious to do, many people rely on shortcuts. But these shortcuts can get you in trouble. As a case in point, consider the common practice of using the same password for multiple sites.
Suppose you signed up for a LinkedIn account, and you used the same password you previously chose for your Gmail account. Then, in June, you were one of the unlucky people whose LinkedIn password was leaked. An enterprising hacker who knew your LinkedIn password could have easily tried it with other popular services, so getting access to your Gmail account would suddenly be trivial. That's a problem not just because someone could read or delete your email, but because you might use your Gmail address to access or reset other passwords. If the hacker clicked the "forgot password" link on another site, he could then check your email to get access to accounts that use other passwords. Even reusing a single password in two places could, in this way, cause cascading problems.
The best antidote to a password reuse habit is a password manager, such as 1Password ($40) or LastPass (free; premium service, $12 per year). These tools can generate passwords for you, store them securely, and fill them in on websites with a click or keystroke. That makes it painless to maintain different passwords for each site or service.
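To make the reuse problem concrete, here is a small added example (written for this page, not code from 1Password, LastPass, or the article's author) that does the two things a password manager does for you: it audits a list of site/password pairs for passwords shared between sites, and it replaces each reused password with a fresh, random one from the operating system's secure random source. The vault contents are constructed sample data, not real credentials; the hashed "fingerprint" is used so the audit report never has to display a plaintext password.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample vault of (site, password) pairs. These are not real
# credentials; the repeated password is there to trigger the reuse report.
SAMPLE_VAULT = [
    ("linkedin.com", "correcthorse1"),
    ("mail.google.com", "correcthorse1"),
    ("yahoo.com", "Tr0ub4dor&3"),
    ("example-bank.test", "correcthorse1"),
    ("example-forum.test", "xk9#Lq2!vP"),
]

# Character set a manager might draw from; some sites reject punctuation,
# so a real tool would let the user narrow this per site.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def _fingerprint(password: str) -> str:
    """Short SHA-256 digest so reports can group passwords without printing them."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def find_reused_passwords(vault):
    """Return {fingerprint: [sites]} for every password used on more than one site."""
    groups = defaultdict(list)
    for site, password in vault:
        groups[_fingerprint(password)].append(site)
    return {fp: sites for fp, sites in groups.items() if len(sites) > 1}


def generate_password(length: int = 20) -> str:
    """Generate a random password using the OS CSPRNG (the secrets module)."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_reused(vault, length: int = 20):
    """Return a copy of the vault where every site in a reuse group gets its own new password."""
    reused_sites = {s for sites in find_reused_passwords(vault).values() for s in sites}
    return [
        (site, generate_password(length) if site in reused_sites else password)
        for site, password in vault
    ]


if __name__ == "__main__":
    for fp, sites in find_reused_passwords(SAMPLE_VAULT).items():
        print(f"password {fp}... is shared by: {', '.join(sites)}")
    # After rotation the audit should come back empty.
    print("reuse after rotation:", find_reused_passwords(rotate_reused(SAMPLE_VAULT)))
```

Run as-is, the audit reports that one password is shared by three of the five sites, which is exactly the LinkedIn-to-Gmail chain the article describes: one leak exposes every site in that group. After `rotate_reused` each of those sites has a distinct 20-character password and the audit returns nothing, while the two sites that were already unique keep their existing passwords.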
Hackers know your little password tricks