No Matter How Good Your Password Is, There's a Reason You Can't Use It More Than Once


To easiest ways to get into someone's accounts — whether it's Amazon, Netflix, social media or banking accounts — don't involve a line of code, or even guessing what your password is.

Many people have godawful passwords that are very guessable, to be sure. Every year, the leaked password report from SplashData says that "123456" and "password" are the most commonly-used passwords on the internet. 

To get your password, attackers don't have to hack your account. All they need to do is find a single, old, compromised account of yours and hope you use the same password over and over again.

In the past month, massive payloads of old passwords went up for sale on the dark web — 32 million passwords from Twitter, 65 million from Tumblr, and a staggering 427 million from MySpace. If your passwords were in these databases, any account that uses even a similar password is compromised.

Luckily, there are ways to prevent this from happening to you.


Practice safe cybering: There are a couple of simple, immediate measures that could inoculate you from such a simple attempt to access your account.

The first is to use two-factor authentication. Many popular services — like Facebook and Google — have this simple function. Once you enable it, you will get text message every time you log into your account using a new device, with a code that will log you into your account.

This would mean that in order for someone to log into your account, they would need to have your phone. They could, hypothetically, use charm and con artistry to trick your service provider into handing them your phone account, like hackers pulled with prominent activist DeRay Mckesson. But there's little you can do about that.

The second option is to use software called a password manager. This is a program that creates multiple, encrypted passwords for each of your services, and then gives you one master password. Essentially, it gives you a skeleton key for all of your accounts, and hides all of the originals.

The password managers that are often highly rated are 1Password and LastPass. KeePass gets high marks too, but allegedly had software vulnerabilities in the past.

But if you don't want to do any of this, just try one, simple trick right now: Change your password.