I did a password health check. It was frightening.
It's hard these days to go online and not read something about cyber security, or a recent cyber crime event, and not have passwords come up as part of the solution. Heck, I'm one of the people writing these articles...
So when I finally put aside some time to do a password health check, I was bewildered by the number of passwords I have re-used across multiple services, and how many of those combinations have been caught up in cyber attacks around the world.
I'm a little surprised that hackers aren't logged into every online service of mine right now actually. Given I'm considered someone who should know better, I thought I'd share the experience with everyone, and perhaps pass on some real-life tips you can all use to strengthen your password security a little. Seriously, if mine was this bad, everyone needs to go through this process.
First up, I use a paid version of LastPass to manage most of my really sensitive accounts and passwords. LastPass is a third-party password manager – more info on how that works is here. I also use Chrome's built-in password manager while logged into my Google account. I'd like to think the latter is quite common, but I do recommend using a proper third-party password manager if you can find the time.
This experience came from a Chrome popup I got while logging in somewhere - it said that the username and password combination I was using had been found online. Basically, this means that hackers could log into this service, or any other service that has the same username and password combination. That's not good. So I clicked the button to review all the username and password combinations I have that might be at risk - there can't be that many, can there? There were 34...
Seriously. I had inadvertently re-used the same username and password combination 34 times (that Google knew of), despite being someone that tells people all the time not to do that very thing! How embarrassing.
I finally put aside some time and painstakingly went through the list, logged into each service and updated my passwords for each of them. I have a clean bill of password health, which is a great relief. For a lot of the services that I use infrequently, I simply got Google to suggest a strong password, which then automatically updates in my password manager so I don't need to remember it.
Traditional wisdom says we should change our passwords regularly - well, the latest research shows that the more we change our passwords, the weaker they become, and the more likely we are to re-use passwords across services. So, don't worry about changing your passwords all the time - just pick a nice strong, unique one and stick with it. This is where password managers shine.
I've no doubt that the average person would re-use passwords across many services. I really do recommend that you go through the same health check I did and sort it out. Once you're hacked, it's too late.
There are so many horror stories out there about people who have suddenly lost access to their phones, email, social media and so on - don't let it be you. Oh, and switch on two-factor authentication wherever possible - that will let you sleep really well at night...