A good friend once said that friends don’t let friends reuse passwords. This sage advice is as true now as it was then. Perhaps even more so.
This week we were once again reminded why reusing passwords is a very bad idea. Yahoo! just announced that its entire database of users was breached way back in 2014, resulting in over 500 million logins being sold on the black market.
These login details contain enough information for an attacker to discover your Yahoo! password, and if you’re using this same password on other web sites, they will be able to log in as you on those sites as well.
Depending on how many Yahoo! services you depend on (such as Flickr), you may or may not be alarmed, but if you reused your password on other websites, you really should be.
Password reuse is scary
I’ve had a Yahoo! account for longer than I care to admit. I believe I created mine in 1999. Times were simpler back then and I didn’t have anything that needed to be protected – or so I thought.
I didn’t take my security that seriously at the time so I did what I always did for all my accounts and signed up using the one single password that I used everywhere:
After a while, I stopped using Yahoo! but I continued reusing my password wherever I went. Years later my Yahoo! account was broken into and I got lucky – the thief only cared about sending spam and never bothered to change my password to lock me out. 1Password was a daily part of my life by that time so I updated my Yahoo! password to NigEAKnb6cfaEpqKxWDGJPVi7Ld and moved on.
My Yahoo! account was now safe but my silly old password still survived on many other websites. I even used my ridiculously weak password for the company web server that was set up before 1Password even existed.
Even though I had already changed my Yahoo! password, the thief could have easily taken over my other accounts. If I was “famous”, things could have turned out much differently.
If you have a Yahoo! account it’s time to fire up the Strong Password Generator and change your password to one that’s unique to Yahoo! and Yahoo! alone.
This is a good first step, but it’s only the beginning. The next step is to find all the other sites where that password was used and update them as well. You can use 1Password to search for your original password and update every site that matches.
You can also use Security Audit to find other reused passwords. And while you’re there you might as well check the Weak Passwords section to see which sites have lame passwords. You might be surprised at what you find 🙂
Protecting Your Team and Business
The scariest part of password reuse is it becomes second nature and before long reused passwords start appearing in unexpected places. The website you thought was protected ends up being an open door.
This is exactly what happened to me before 1Password existed and I shudder at what could have happened if I didn’t change my ways. I would feel terrible if anything ever happened to my colleagues as the result of me reusing passwords. Part of my responsibility as a member of any team is using strong passwords like these:
As a 1Password user, you already know that having unique passwords like this for every site is super simple – it’s literally easier to be secure with 1Password than to be insecure without it.
When you’re on a team it’s not enough just for you to follow safe password practices. Your teammates might be reusing passwords because they believe it’s easier, putting the entire team in danger.
If your team is reusing passwords, emailing them to each other, or collecting them in an Excel spreadsheet, you’re likely to be in the news in the future – and not for the right reasons! 🙂
This is why we created 1Password Teams – to help you and your entire team make doing the right thing the easy thing. With 1Password Teams, everyone in your team can be the strongest link.
As luck would have it, our Teams launch special is still available: until October 15th you and your entire team will get all the features of our Pro plan for the very low price of the Standard plan. If your team isn’t using 1Password already, be a hero and sign your team up.
The internet has come a long way in the last 20 years and we all need to evolve our security practices to stay safe, both in our personal and professional lives. Bad habits that we learned years ago simply have no place today.
All this talk of password reuse and reminiscing has me feeling nostalgic. It’s time I reach out to my dear old friend and thank him for inspiring today’s post. ❤️