It’s something many people admit to doing: They reuse the same password across a few different services.
We are not judging you if you’ve done it – it’s easy to see why thousands of people do this every day. It feels like an easy way to get signed up for something. If you reuse a password, you won’t have to go through the hassle of remembering it and needing to reset the password in the future.
However, you only have to do this once, and you’re at considerable risk of something called credential stuffing.
This is where hackers get hold of millions of usernames and passwords. These typically come from the big leaks we hear about in the news.
And then, they try all those details to see if they can log in to other digital services. They use bots to stuff the credentials into the login box, hence the name.
Because it’s automated, they can sit back until their software manages to log in to an account, and then they can do damage or steal money.
Stats suggest that 0.1% of breached credentials will result in a successful login to another service.
The best way to protect yourself against this kind of attack is to never, ever reuse passwords.
Use a password manager to generate long, random passwords, remember them for you, and auto-fill them. The less hassle for you, the less likely you are to reuse a password. Consider giving a password manager to each of your staff as well.
And if you know you have reused passwords in the past, you should change all your passwords on all active services just to be safe.