Don’t Reuse Passwords

I’ve been focusing most of my efforts on my new weekly newsletter. But I wanted to make sure some of this info is making it out to my blog, as well. Here’s a little taste of my newsletter. To get this yummy goodness automatically every week, sign up here!


This tip is one of the most basic and yet most important pieces of advice I can give you, and lately it has become critically important. There has been a rash of “mega-breaches” this year – hackers have compromised a large number of high-profile corporate servers to steal tens of millions of account credentials (i.e., email addresses and passwords). In some ways, this isn’t new – this has been going on for a while now, though it’s been getting worse. It’s also not new that they are taking these credentials and trying to use them on other online accounts. However, the scale of these attacks has markedly increased. This report talks about a recent attack involving 1 million attacking computers against almost half a billion accounts at two large web sites – a “financial” company and a “media/entertainment” company. Another article notes that Carbonite accounts were attacked in a similar way.

What this tells you is that the bad guys know that most people reuse passwords – that is, people use the same password on multiple sites. Passwords are hard to remember – I get it. But if you want to be secure, you need to use unique passwords for every website – at the very least, for the important web sites. These include not just your financial accounts, but your email and social media accounts, and any site that has your credit card information.

How do you do this? YOU don’t… humans are not capable of remembering dozens or even hundreds of unique, strong, random passwords. You need a password manager, like LastPass or 1Password or KeePass. I personally recommend LastPass (see Tip #2 in the Top Five Tips pamphlet I sent you). LastPass offers a Security Challenge (which you can find at the left in your password vault) which will tell you which passwords are bad and highlight any places where you’ve reused the same password. You can also use LastPass to automatically change your password on many sites.

Regardless of how you do it, you need to set aside some time in the very near future to generate unique, secure passwords for your key online accounts. While you’re at it, turn on two-factor authentication wherever you can.


Again, sign up here to receive helpful tips like this every week, delivered to your inbox! (And no, I will never give your info to anyone else.)
