How many passwords do you have to remember for all of your online accounts? I hope it's a lot. Specifically, it should be 1 unique password for every single online account you have.
A common practice is to use the same password for every account - makes it easier to remember, doesn't it? It also makes it really easy for a hacker to access ALL of your accounts.
Let's say you have only two online accounts. One is your bank, and one is a profile for a insurance industry message board. The message board doesn't have anything personal - just your name, email address and all the messages you've posted. Not a huge deal if it gets hacked. Now imagine the company who manages the message board thinks the same thing - no personal data, so why bother with password encryption? This makes your message board a target for hackers. They get ahold of a list of easily accessible passwords, then start trying the email address/password combos everywhere, banking (excuse the pun) that you've used the "same password for everything" trick. Now your bank account has been compromised.
For this same reason, when there's a major security breach at company like Yahoo.com, other companies will sometimes cross-reference the list of compromised accounts (which are often published by the hacker, trophy-style), and temporarily suspend the matching accounts in their own system to prevent the account from being accessed by a hacker as well. MailChimp did exactly this after Yahoo accounts were hacked in July.
So if you shouldn't reuse passwords, how do you keep track?
Here's what NOT to use:
Anytime you write down your username and password, it becomes an easy target for someone to swipe and walk away with (or even look at and memorize a few of the more appealing ones, like your ATM PIN).
Another bad idea? Emailing yourself the info. Email is very insecure, and hackers know it. When your email leaves your inbox and goes out into the world (sometimes even if it's coming right back to your inbox), it can land on any number of servers - none of which you have any control over or are secured. So a hacker only needs to look for easy to access email servers, and then search the emails for juicy tidbits - like your passwords. So while emailing the info to yourself ensures it's in a easy to locate place, it doesn't keep your information private.
So what's the best way to keep track? Using software designed specifically for storing your passwords securely. I recommend 1Password.
- It's easy to use. Simple data entry for your info, and you can tag your passwords with different categories.
- It has very useful plug-ins for internet browsers. Using these plugins makes it easy to save the info to your 1Password Vault and to recall them (just click and your username/password is entered for you!).
- It's secure, so as long as you remember that one single password you need to access your 1Password vault and don't share it with anyone (or email it or write it down), your passwords are all safe and secure on your computer.