75% of people use their email passwords on Facebook, study says
It's really easy to remember your Facebook password when it's the same as the password on the email address you use to sign into Facebook. Unfortunately, it's incredibly insecure. If someone gets one of your passwords, they've got both. Despite the seemingly obvious problems with using the same password for social networks and email, a new study from BitDefender says 75% of Web users do it. Doh!
The usernames, email addresses and passwords in the study, over 250,000 of them, were "easily found online," from sources like BitTorrent and blogs. Of course, that makes me wonder about the 75% number. If the sample is from passwords that have already been compromised, it makes sense that they wouldn't be the most secure passwords around. Either way, these numbers should serve as a warning about making sure you use strong passwords, and make them different for every account.
[via Switched]

Comments
KBS Aug 17th 2010 5:03PM
Once someone knows your email password, they can get the password for almost everything. That's how password recovery works for every social website, isn't it? Just type in the email and click forgot password and they will send you a confirmation email to get a new one.
And this might be the biggest flaw in today's generation.... maybe some security options that banks use like three security questions may help a little bit...
Toukakoukan Aug 18th 2010 5:07AM
I'm sorry, but this advice of "Use a different password for each website" is completely daft. It's hard enough for most people to remember two or three high-security passwords, let alone one for every website they use!
Sure, you could use a password manager, but what about when you need to check your email at a net café and you've forgotten your USB key?
The most you can ask of users is to split sites into low and high security so at least they don't use the same password for their email account and ilikesmilies.com
CM Aug 19th 2010 3:54AM
I would never enter my email (or other important) login details on a computer I don't control. That definitely includes internet cafes. Could be anything installed on it, deliberately or not.
If you don't want to use Keepass (which does work perfectly for me), there are still ways to have secure unique passwords and still be able to remember them. See here, for example:
http://lifehacker.com/184773/geek-to-live--choose-and-remember-great-passwords
Lisa Aug 18th 2010 10:59AM
Keepass or Lastpass, people. This ain't science.
Will Aug 18th 2010 12:27PM
Then if someone comes across your Lastpass password, they know em all... :)
I know in a perfect world we're meant to use different passwords for everything, but my memory can barely remember one secure password let alone fifty...
216 Aug 18th 2010 1:46PM
The beauty of LastPass is that they have even MORE ways to lock down your account if you're paranoid enough. They have USB key locks, and also the Multi-Pass authenticator which requires the person accessing the account to look at a printout and report back a random number sequence (or something close to that).
Lisa Munro Aug 18th 2010 1:13PM
It is true that any password manager is only as good as the master password that you pick. I've generated a random, 15 character password that includes numbers, upper and lower case letters and special characters. Then I just made myself flat-out memorize it.
Both Keepass and Lastpass also offer dual authentication. That way, you have to physically HAVE something in addition to KNOWING the master password. Keepass lets you specify a keyfile (which would be ideally placed on removable media) and Lastpass lets you use either a Yubikey or a randomly generated grid to authenticate your access to the passwords.
Using either of these programs offers way better security than a handful of easily hacked passwords.
Just my two cents! :)
Best,
Lisa