Break the habit of password reuse

Greg Jennings
Wednesday 16 November 2022

Since the rapid move to digital, the number of online services, websites, and social media platforms that require a new account and password has been constantly increasing. This increase has resulted in online users reusing the same password across multiple accounts.

Following the rise of password cracking software, companies continually ask their staff to set a long and strong password to bolster their cyber defences. An unintended consequence of asking users to meet complexity criteria, such as numbers, symbols, and length, is that it’s difficult to memorise multiple passwords. Although we generally understand the risk of password reuse, the behaviour is widespread across the globe.

Why shouldn’t we reuse passwords?

The main risk of password reuse is that all accounts that share the password are left vulnerable. Accounts without multi-factor authentication are at a greater risk. If a hacker compromises one account by guessing your password, their next step will be to try the same password across multiple accounts to see how much access they have gained. This creates chaos for the victim, especially if these accounts hold reputational or financial risk.

What you can do

With some large digital events coming up, such as Black Friday, and the general uptick in online shopping over the festive period, accounts and passwords will be more heavily used than usual.

Follow our password guidance

Here are some of our top tips for password best practice and to help you keep your accounts safe – both over the festive period and going forward:

  1. Follow the steps on our password web page for creating something that is strong and secure.
  2. Don’t reuse passwords. If you find yourself tempted to do so, remember the associated risks involved.
  3. Password managers are a helpful tool for assisting with password storage. They also relieve the burden of having to remember all your passwords. IT Services don’t recommend one specifically, but there are many out there to choose from.

Check your accounts for potential breaches

There is a risk that a password you currently use may already have been exposed during a data breach online. To check whether your account has been involved, visit Have I Been Pwned. Simply enter your email address and it will inform you of any breaches your email address has been involved in. If it shows that any of your accounts have been linked to a data breach, we advise that you change your password immediately.

Enable multi-factor authentication where possible

And, as ever, adopt multi-factor authentication on any account you have when it’s available. A strong password on its own may appear secure, but an extra layer of protection will further safeguard your online accounts from cyber criminals.
