You want to reduce the risk of getting whacked by ransomware and the other cyber horrors?
Answer: Reset your passwords.
More specifically, reset all your passwords so you’re not reusing a password across different websites, financial accounts, or wherever else you use passwords on the Internet.
Why? Because reusing a password increases the chances bad guys will get hold of it and use it to steal your money or try to extort you in various ways.
And the chances of this happening rise dramatically if you use relatively simple (aka, weak) passwords and replicate them across different accounts and websites.
I know personally that it’s dangerous because I saw this happen to someone. In this case, the person was threatened* with ransomware (see notes at bottom).
Google made the case recently about the danger of reusing passwords. (The Verge). And last year Google published the results of a poll showing that “52 percent reuse the same password for multiple (but not all) accounts.”
I asked some experts who basically drove home this point.
“Reusing the same or a slightly changed password across accounts is a huge source of risk,” Lujo Bauer, CyLab faculty member and professor in the Electrical and Computer Engineering department at Carnegie Mellon and an author of a study that is summarized here, told me in an email.
“If — really, when — one site gets breached and the passwords used on that site are stolen, attackers can — and do — try using the stolen passwords to log on to other sites as well,” he said.
Bauer suggests, as does Google, that you use a password manager if you find it too challenging to keep track of lots of strong passwords across multiple sites.
(See “Best password manager to use for 2020” from CNET.)
People fall into the cognitive dissonance trap when setting their own password policy
Gerald Beuchelt, Chief Information Security Officer, LogMeIn, told me that “cognitive dissonance prevails” when people establish their own password-use policies. In other words, what you may tell others to do, you won’t do yourself.
“Some of the most common ways people are leaving themselves vulnerable online is by using weak, easy to crack passwords, and then re-using those same passwords on their other online accounts,” Beuchelt told me in an email.
He cited a study from LastPass that said:
“53% of respondents haven’t changed their password in the last 12 months even after hearing about a breach in the news.”
“Taking just a few simple steps to improve your password behavior can lead to a significant increase in your online security,” Beuchelt told me.
Use the tools that Google provides
Google provides some very good tools that check if your password has been breached and will suggest which passwords are weak.
Use those tools. You won’t regret it.
*Luckily, it was a very old password that had been used on a non-critical website. But the point is, the bad guys figured out (hacked) his password and asked him to pay up (aka ransomware). He ignored them because it was a very old password he no longer used but that put the fear of god in him nonetheless.