Fri 13 December 2019
Karl E. Jørgensen
Every site (or every account) you use should have a different, distinct
password. Every single one.
Never re-use passwords.
That way: if one site gets hacked (and your password leaked on the
darker parts of the web), only that account is leaked. The potential
damage is reduced. The bad guys will not be able to use your account
name (probably your email address) and try the same password on other
things: LinkedIn, Facebook, Gmail, whatever.
And trust me: They

And web sites leak details with regularity - partly due to bad security
(business pressures here do not help), sloppiness or bad employees.
The law of large numbers almost ensures that you have had at least one
password exposed. Hopefully it was just an old one, and only for one

You should also change them regularly: This will help when web sites
leak passwords - e.g. if the leak is from their 3-month-old-backups
(that they forgot to encrypt or protect properly), then this is
(hopefully) your OLD password, which is useless to the bad guys.
Also: it may take some time before the "wrong" people get their hands
on the leaked data.
This gives you a lot of passwords to keep track of. Most likely: more
than you can remember. So keeping track of them in your head can
become a real struggle.
For this, I would recommend a password manager -
(others are available too). Then you only have to remember the one
master password to unlock the password manager.
Or if you really ONLY have a need for web site password management
(most people have other passwords), it is worth using the password
feature in your browser - as long as you set a master password. Which
you should always remember.
Make your master password nice and long. Don’t think of it as a WORD:
Use a phrase or a sentence. The longer the better. You probably only
have to type it once a day anyway.
And make sure you back up your (encrypted) master password file:
Losing that would be bad.