
Risk Associated with Recycling Passwords

Passwords are the primary method of protecting data and personal accounts. Passwords can be created with endless numerical and alphabetical combinations. However, many users choose one password for all of their accounts. Users find convenience in having the same password because it’s easier to remember and it makes the login process much shorter. Remembering multiple passwords can be challenging and many users have a major fear of forgetting their password and losing access to one of their accounts. Unfortunately, many users don’t consider the consequences of their primary password falling into the hands of a cybercriminal. The compromise of one password that has been recycled through multiple accounts can lead to data being lost or the victim’s identity being stolen.

There are five primary reasons why users should never recycle passwords.

1. The Compromise of Multiple Accounts

The primary concern for having a primary password compromised is the threat of cybercriminals using it to access other accounts. Some users make the poor decision to use the same password for their social media account that they use for their bank account. Once a cybercriminal has obtained the password, the first place they will use it is on the victim’s financial account. While many banks and credit unions have multiple security features in place to prevent fraudulent logins, stealing a password is one step closer for cybercriminals to steal funds directly.

2. Threatening Company Accounts

With users recycling personal passwords in their work environment, hackers have been able to breach large enterprises. These attacks lead to a larger scale of stolen data and can permanently damage a company’s public reputation. Users must be diligent to protect their organization by keeping their personal passwords separate from their professional passwords.

3. Strengthening Brute Force Attacks

Hackers use brute force attacks to try to break into accounts. A brute force attack is a method in which a hacker can try thousands of password combinations to access an account. When a user recycles a password, this can often help cybercriminals strengthen their brute force attack. This is especially dangerous for family members or friends who choose to share passwords, a practice that all users should avoid.

4. Increasing Complexity of Phishing Attacks

Phishing campaigns have become more sophisticated as technology has advanced. If a cybercriminal is able to obtain a recycled password, they will be able to use it to add another level of complexity to their attacks. Hackers will send out phishing emails that claim that users must update their information or password for specific accounts. Regardless of how legitimate an email may seem, users must always double-check every aspect of any message that requests information to be changed or offers a link to follow. Users should look for misspellings and hover over all links to see the destination before clicking.

5. There are Better Password Security Resources

Fear of forgetting a password should never be a reason that users recycle passwords. Instead, users should utilize security resources such as multi-factor authentication and password managers.

Multi-factor authentication provides another layer to password security by refusing entry from an unrecognized device without providing additional credentials. Alternate credentials can include a code sent to a mobile device or a personal security question that the user establishes when setting up the account.

A password manager assists users in creating strong passwords without the fear of forgetting them. Password managers are capable of creating strong passwords for multiple accounts and saving them so the user doesn’t have to keep track of an assortment of long, complicated passwords. These complex passwords are guarded by the master password, which is the only password users will need to remember.
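The following Python example is added here and is not from the original article or from any particular password manager. It shows the kind of reuse audit a password manager can run: it groups accounts that share one password, flags groups that mix personal and work accounts, and generates a unique replacement for each affected account. The vault entries, category labels and function names are constructed for illustration.

```python
import hashlib, hmac, secrets, string
from collections import defaultdict

# Constructed sample vault export: (account, category, password). Not real credentials.
SAMPLE_VAULT = [
    ("social.example", "personal", "Sunshine2019!"),
    ("bank.example", "personal", "Sunshine2019!"),
    ("vpn.corp.example", "work", "Sunshine2019!"),
    ("mail.example", "personal", "k7#Vq9zL-unique"),
    ("forum.example", "personal", "sunshine2019!"),  # differs by case, so not a reuse
]

def fingerprint(password, key):
    """Keyed digest so passwords can be compared without keeping plaintext around."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()

def find_reuse(vault):
    """Return one finding per password that is shared by two or more accounts."""
    key = secrets.token_bytes(32)  # per-run key; fingerprints are useless afterwards
    groups = defaultdict(list)
    for account, category, password in vault:
        groups[fingerprint(password, key)].append((account, category))
    findings = []
    for members in groups.values():
        if len(members) < 2:
            continue
        categories = {c for _, c in members}
        findings.append({
            "accounts": sorted(a for a, _ in members),
            # True when a personal password is also protecting a work account
            "crosses_work_personal": {"work", "personal"} <= categories,
        })
    return findings

def generate_password(length=20):
    """Random password containing at least one character from each class."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*-_"]
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate

def remediation_plan(vault):
    """Map every account in a reuse group to a fresh, unique password."""
    return {a: generate_password() for f in find_reuse(vault) for a in f["accounts"]}

if __name__ == "__main__":
    for finding in find_reuse(SAMPLE_VAULT):
        print(finding)
```

Every account in a reuse group gets a new password, including the one where the password was first set, because a shared password has to be treated as exposed everywhere it was used.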

Summary:

Passwords are the primary method of protecting data and personal accounts. Passwords can be created with endless numerical and alphabetical combinations. However, many users choose one password for all of their accounts. Many users don’t consider the consequences of their primary password falling into the hands of a cybercriminal. The compromise of one password that has been recycled through multiple accounts can lead to data being lost or the victim’s identity being stolen. The five main reasons that users should never recycle passwords include the compromise of multiple accounts, threatening company accounts, strengthening brute force attacks, increasing the complexity of phishing attacks, and the option of better password security resources.

For assistance in evaluating your strategies, technical requirements, staff evaluations and communications, contact a ThreatAdvice Professional to learn more.