LinkedIn has been hacked, eHarmony has been hacked… When 8 million passwords from popular social networks were leaked, I thought it about time I took more care of my own passwords.
It’s easy to become jaded about online security. No matter how many times you’re told to use complex passwords, and not use the same ones everywhere, in practice it’s a hard thing to do.
But this week’s news that up to 8 million passwords from LinkedIn (the social network for professionals) and eHarmony (the popular online dating site) were leaked was yet another reminder of why such advice is absolutely right.
I ought to know better, but like thousands of other people, my approach to passwords is at best inconsistent, and at worst slipshod. I’m not totally reckless – my most important online accounts, such as PayPal, online shopping accounts, email and Facebook, have strong unique passwords. But I’m far from perfect. My LinkedIn password, which I’ve since changed, was my default ‘basic’ password for low priority accounts. It was the same password I’ve used on hundreds of websites for years now.
Not as secure as you think
That got me thinking – how many other accounts are out there with the same password? Most are harmless enough, but I’m certain out of sheer laziness I’ve used it to register an account or two on retail sites I used for just one purchase. I knew better at the time, but I thought ‘what harm could it do?’
The answer? Well, consider research from Cambridge University showing that the average password could be cracked in fewer than 1,000 attempts, the work of but a moment using the latest hacking technology.
I found this out to my cost a few years ago when my eBay account was hacked – it too was protected by the same password I used for LinkedIn. Thankfully the damage was limited to some fraudulent listings that were quickly removed, but it could have been worse had I not had the foresight to use a different password for my PayPal account.
How good are your passwords?
When we last discussed weak passwords on Which? Convo, many commenters said they use a password keeper like RoboForm to keep track of all their passwords. But unfortunately it looks like they might be more savvy than most.
The research I mentioned above found that despite efforts to encourage people to create better passwords, very few actually did. The report stops short of saying passwords aren’t good enough, but the logical inference is that people aren’t able or motivated enough to create and remember decent passwords. That is a fundamental problem, considering the internet is so reliant on them for security.
Do you, like me, have a ‘go to’ password that you use too much? Do leaks like this make you reconsider your choices, and have you been a victim of online account hacking? Share your thoughts in the comments.