After learning that someone had used her credit card to buy an iPhone, a friend of mine said remorsefully, “I always knew that it was not safe to use the same password in all websites, but then I did so, thinking that it won’t happen to me!” She realized she was terribly wrong, and now it is a bit too late for her.
It is very natural that people tend to use the same password everywhere, and I am no exception. In this article I try to evaluate the situation and identify possible solutions.
Reasons for this practice
We are not supercomputers, and it is simply impossible to use different passwords on different websites. A netizen may have to register on hundreds of websites over the years. One is forced to reuse passwords for the sake of convenience, in spite of knowing that it is not a good practice. Some do so out of sheer ignorance, while many think they have nothing to lose even if someone manages to break into their email, since there is no sensitive data in the mail. But online identity theft is one of the crimes that is spreading a lot these days.
Solutions to the problem
1. Use separate passwords for personal & professional use
2. Use separate passwords for critical and non-critical websites. As an example, use different sets of passwords for forums, email accounts, banks, etc.
3. Use the same password with slight modifications
E.g.: P@ssw0rd1 for one site and P@ssw0rd2 for a second website, or P@ssw0rdG for Gmail and P@ssw0rdY for Yahoo Mail
4. Use a unique password for every website. But then no one could remember them all. So, store all such passwords in a location like a separate email account (e.g. Hotmail). But what will happen if that Hotmail account is compromised? So, choose a password like “0op5”+“my unique password stored in email”. This is like a two-part password: you remember the first part, and you store the second part somewhere else.
5. Try to remember the unique passwords used for all the websites you register with!!!
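The two-part password from item 4, sketched as an added example (not code from the original article): the store, which stands in for the separate email account, holds only a random second part per site, and the memorized first part (“0op5”, the article's sample) is joined to it at login time, so the store alone never contains a working password. The function names, the placeholder site names and the 16-character length are assumptions.

```python
import secrets
import string

# Characters used for the stored second part (an assumption of this example).
ALPHABET = string.ascii_letters + string.digits


def new_stored_part(length=16):
    """Generate the random second part; only this part is ever written down."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def build_store(sites, length=16):
    """Return {site: stored_part}, with a different random part for every site."""
    store = {}
    for site in sites:
        part = new_stored_part(length)
        while part in store.values():  # regenerate on an (unlikely) collision
            part = new_stored_part(length)
        store[site] = part
    return store


def full_password(memorized_part, store, site):
    """Join the memorized first part with the stored second part for one site."""
    if not memorized_part:
        raise ValueError("the memorized part must not be empty")
    if site not in store:
        raise KeyError(f"no stored part for {site!r}")
    return memorized_part + store[site]


if __name__ == "__main__":
    # Constructed sample data: the site names are placeholders.
    store = build_store(["forum.example", "mail.example", "bank.example"])
    for site in store:
        # What a reader of the store sees vs. what the site actually accepts.
        print(site, "stored:", store[site], "login:", full_password("0op5", store, site))
```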
1. Use a common login on all websites through an API. Examples are websites that allow login using Google ID, OpenID, Fconnect, etc.
2. Use a second layer of authentication other than the password. A good example is the “SMS validation” recently implemented in Gmail.
3. Another proven solution is “staying away from the Internet”!!!
I think I have covered almost everything I could think of now. Please share your thoughts as comments.