Convincing Arguments on Why You Shouldn’t Reuse an Old Password

by Klaus on March 14, 2018

in Security

You might have noticed that when you try to return to an old password on some service, they will tell you that you can’t do that. Have you ever wondered why that is? I mean, for you it would certainly be easier to go to an old password, right? For example, you’ll find it much easier to remember. You could be forgiven for thinking the only reason companies do it is because it makes them more secure – the extra difficulties to the user be damned. Is that what is going on?

In a word, no. There are some very good reasons why companies don’t allow you to return to old passwords. For these same reasons it’s generally a good idea not to recycle old passwords you’ve used somewhere else on other websites. Let’s explore them, shall we?

One of the reasons companies ask you to change your passwords is because there is a security breach

Sometimes companies will ask you to change your password every few months, to aid their security. Other times, however, they know that there has been some sort of breach and they want you to change your password so as to make sure people don’t have access to your account.

Obviously, if you change back to that password somewhere in the future, that means that you are once again compromising your account and allowing such hackers access to it.

When I recently gave that reply to somebody, they said “But they’re not going to try the password if they realize it doesn’t work the first time.”

Oh no? And how are you so sure of that? Do you think only companies know that people like to go back to their old passwords? Hackers are perfectly aware of that fact as well and will therefore not just try the password they got for your account the one time, but will retry it every few months for years to come.

Remember, that’s pretty easy for them to do. All they have to do is put your password into a script and then let that run in the background. No more effort required on their part! And then when you go back to that password they’ve got access again.
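
The service's side of this, as an added example that is not part of the original post: one way a site can refuse an old password without keeping the password itself. The class name, history depth and sample passwords are assumptions made for illustration; PBKDF2 is used because it ships in Python's standard library.

```python
import hashlib
import hmac
import os
from collections import deque


class PasswordHistory:
    """Keeps salted hashes of a user's last `depth` passwords (hypothetical helper)."""

    def __init__(self, depth=5, iterations=600_000):
        self.iterations = iterations
        # Each entry is (salt, digest); the plaintext is never stored.
        # deque(maxlen=...) silently drops the oldest entry when full.
        self.entries = deque(maxlen=depth)

    def _digest(self, password, salt):
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, self.iterations
        )

    def was_used(self, password):
        # Every stored entry has its own salt, so the candidate has to be
        # re-hashed once per entry. All entries are checked, with no early exit.
        found = False
        for salt, digest in self.entries:
            if hmac.compare_digest(self._digest(password, salt), digest):
                found = True
        return found

    def change_password(self, new_password):
        """Record the password and return True, or return False for a repeat."""
        if self.was_used(new_password):
            return False
        salt = os.urandom(16)
        self.entries.append((salt, self._digest(new_password, salt)))
        return True


def demo():
    # Constructed sample passwords; the low iteration count only keeps the demo fast.
    history = PasswordHistory(depth=3, iterations=1_000)
    attempts = ["Spring2017!", "Summer2017!", "Spring2017!",
                "Autumn2017!", "Winter2017!", "Spring2017!"]
    return [history.change_password(p) for p in attempts]


if __name__ == "__main__":
    print(demo())
```

The last attempt in the demo is accepted: once a password falls out of the fixed-depth history the service can no longer recognize it, so the check limits reuse but does not replace picking a password you have never used.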

Sometimes companies aren’t aware of their security breach

Another big problem is that sometimes it can take months for companies to realize they’ve been breached. And sometimes even when they realize, they don’t tell their users. After all, to admit to a security breach does serious damage to their reputation.

Better to try and resolve the problem internally and push a password change as a standard procedure just in case.

So yeah, it’s totally possible that outsiders have breached your account without you ever becoming aware that this has happened. The only way to make your account secure again? By changing the password to something new that you haven’t used before.

If you use a compromised password elsewhere

It gets worse, because many people have a tendency to take passwords that they’ve used on one site – say their Gmail account – and then use them somewhere else – like at the supremedissertations.com website. But if they’re compromised, that means you’re exporting that problem to new accounts and giving hackers access to huge swaths of your life.

Don’t think they’ll be able to find those accounts? Think again. After all, most of us use the same user names in different places. Heck, often we’re required to use the same user name – for example when we’re asked to fill in our email address. That means really your password is the only line of defense between a secure account and one that isn’t. And obviously, if that password isn’t secure – well, you can do the math.

But I can’t remember that many passwords!

Of course, that isn’t really new. We all know that it’s much better to have strong passwords, change them regularly and switch them up from one device to the other. The thing is, though we understand the theory, the practice is a lot harder. We can’t remember those really hard passwords and we’re not supposed to write them down either.

The result? We end up locked out of our accounts and unable to live our lives, since we depend on what we do online. Really, the memory problems we’ve got are one of the primary reasons why the person sitting in front of the keyboard is still considered the biggest security problem out there.

The worst part? It’s not their fault! We’re simply not built to remember strings of letters and characters. Heck, reading and writing is only a few thousand years old! Our brains haven’t yet fully adapted.

So, what to do?

Fortunately, it’s not all bad news. There are a number of ways that you can secure yourself without having to remember dozens of random strings of letters and words. Probably the best is to use a password manager. There are a lot of them out there. Of course, if you’re going to go this way then you’ll want to make sure that the one you’re using is as secure as it can be.

For this reason, many firewall providers and virus killers are offering password manager services now. These will protect your passwords behind a single master password, which will then be the only one you’ll have to remember. Of course, some people don’t like them and don’t want to use them. So what to do, then?

You can use the strategy of information overload. For example, you can use a book that you carry with you and use the first (or third or eighth) letter on the page and then read downwards from there to get a random string of letters. Some things to note if you use this strategy:

  • Don’t use the first word on the first page. This only works if people don’t know where your password starts.
  • Don’t go from left to right, as words follow patterns and are easier for hackers to crack.
  • Make sure you use an old book as otherwise it will be incredibly easy for people to figure out which page you’re flipping to. Also, don’t trace the letters with your finger, as this will leave a mark.
  • By changing passwords often, you’ll end up using a lot of different pages, which will make it far harder for people to figure you out.

Another good way to create information overload is to create a group of pages of random characters and embed your passwords in them. As long as they are just as random as the rest (indeed, if you select a group of characters from this page) then people will not know where to start.

Do note, this is only so effective. If people figure out where your passwords are written down, they’ll probably be able to crack them eventually. So, make sure that if you use this strategy your source is not in plain sight. Put the book back in the cupboard and hide the character sheet under some incongruous name people will not be able to recognize.
