Organise Chaos
  • G Suite
  • Coaching
  • Consultancy
  • About
    • Rachel Ferla
    • As featured in
  • Blog
  • Contact

11/1/2018

Password Pain - part 1. Why do you need a different password for every website?

 
Cutting a long story short - it's because you don't want to let someone steal a master key to take your money or damage your reputation.

How it happens

Hackers steal information from companies, trying to obtain lists of usernames and passwords, which they then offer for sale online to scammers.

In the same way that a telesales company might buy a list of people's phone numbers and work through it, dialling each number in turn to try to sell you double glazing, the hacker buys a list of usernames and passwords and works through it, trying each username and password on a variety of sites.

Where do they get your username and password?
A few of the most notable sites that reported data breaches in 2018 were Facebook, Uber, British Airways and T-Mobile, as well as thousands of smaller websites and organisations.


What do they do with it?
Let's say you booked flights with British Airways a couple of years ago. To register with their website you used your email address and the regular password that you use in several places. As the scammer now has your email and password, they can possibly get into your British Airways account.
What can they see there? Probably your full name, address, date of birth and possibly any saved bank card details too. This helps them to build a profile of you, and they could possibly try using your card details to purchase things online.


Where do they go next?
Now they have your keys they can try them in many other doors, probably starting with the main email providers: Gmail, Yahoo, Hotmail/Live/Outlook, AOL. There are even software tools they can use to check thousands of the names in a matter of seconds and flag up to them which doors opened.
You used the same password for your email so now they can access and read your email without you knowing they've even been in there. When are you going on holiday? Who are your family and friends? They can send emails out pretending to be you and even change your email settings so any replies go to another email account under their control to hide the unusual activity from you.


A common scam at this stage is to send an email to everyone in your address book saying 'Help, my wallet and phone were stolen and I'm stuck in another country, please lend me £300 - here are my (the scammer's) bank details'. These emails can be made to look very realistic as they have read all about your trip in your emails!

The prizewinning scam 
The big prize is getting access to your online banking and emptying your savings account. But what if this is where you've been savvy? You've used a different password for your internet banking!

Have you ever forgotten the password for a site, clicked the 'forgot password' link and had a special link emailed to you to reset your password? The hacker can go to a website, click forgot password and then watch your email waiting for the link to reset your password. They can then change it to a password that they choose, which will mean your password no longer works and you now can't get into your own account. They can even delete the reset password email so you never know it was there.

And the reason your bank forces you to use that irritating code generator or card reader is?
Banks have a duty to protect us and they know that a lot of people reuse passwords. The extra devices or the bank's own app on our phone force us to generate a second 'password' that can't be bought from a list online so our accounts stay safe.
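The chain described above (one leaked password, then the email account that reuses it, then 'forgot password' links, stopped only where a second factor is in place) can be worked through as a small model. This is an added example, not part of the original post; the site names and passwords are constructed, and treating two-factor authentication as blocking every takeover is a simplifying assumption.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Account:
    site: str
    password: str            # constructed sample value, never a real secret
    reset_email: str = ""    # site whose mailbox receives 'forgot password' links
    two_factor: bool = False

def exposed_accounts(accounts, breached_site):
    """Return {site: reason} for every account reachable from one breach."""
    leaked = next(a.password for a in accounts if a.site == breached_site)
    exposed = {breached_site: "breached directly"}
    changed = True
    while changed:                       # repeat until no further account falls
        changed = False
        for acct in accounts:
            if acct.site in exposed or acct.two_factor:
                continue                 # assumption: a second factor stops the takeover
            if acct.password == leaked:
                exposed[acct.site] = "reused password"
            elif acct.reset_email in exposed:
                exposed[acct.site] = f"password reset via {acct.reset_email}"
            else:
                continue
            changed = True
    return exposed

# Constructed scenario mirroring the post: the airline password is reused for email.
ACCOUNTS = [
    Account("airline", "Holiday2018!"),
    Account("email", "Holiday2018!"),
    Account("shop", "unique-shop-pw", reset_email="email"),
    Account("bank", "unique-bank-pw", reset_email="email", two_factor=True),
]

def with_unique_email_password(accounts):
    """Same accounts, but the email account gets its own password."""
    return [replace(a, password="unique-email-pw") if a.site == "email" else a
            for a in accounts]

if __name__ == "__main__":
    for label, accts in (("reused", ACCOUNTS),
                         ("unique email password", with_unique_email_password(ACCOUNTS))):
        print(label)
        for site, reason in exposed_accounts(accts, "airline").items():
            print(f"  {site}: {reason}")
```

With the reused password the shop account falls even though its own password is unique, because its reset link goes to the compromised mailbox; with a unique email password the breach stops at the airline.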
​

How to Stay Safe

Use what's called multi-factor or two-factor authentication if you are offered the option.
This just means you prove your identity to a website with two ways of identification, usually something you know (your password) and something you have (bank dongle or mobile phone).

It's easy to set up: just make sure you give your mobile number when you are creating an account with a website, and tick the box for them to send you a code by text message whenever you want to log in.

Using a password manager can revolutionise how easy it is to manage your online life and even improve your online security.

LastPass is free and really easy to use, so why not check it out now?

*If you use my refer a friend link below we both get a month of the Premium version for free!

Password Pain - part 2 - How do I remember all these flippin passwords?

    About the Author

    Rachel Ferla is a Digital Skills and Productivity Coach with over 15 years' experience as a project manager juggling multiple projects.
    She founded Organise Chaos in 2013 with a mission to increase digital and organisational skills to make work easier.


©Organise Chaos Ltd, 2013-2018.  Registered in England and Wales, Company no. 8632229   Terms and Conditions  Privacy Policy