Coming up with a strong and relatively easy to remember password doesn’t have to be a big deal. But it can always happen that the security of a service is breached and our password falls into the hands of attackers, and then it doesn’t really matter how strong or well-crafted it is if someone simply knows it.
The solution is simple, but not that simple. We should have a different password set for each service, because cracking one service will not mean cracking the others. The problem, of course, is that we can have dozens of different accounts on the Internet, and remembering so many strong and different passwords is basically impossible.
A very good option is to use a password manager like 1Password or NordPass, where we store our passwords, and only need to know one really strong password, which gives us access to all the passwords. If you don’t want to use a password manager or simply don’t trust it, but still want to be careful about the security of your online accounts, you need to be a bit more strategic about which passwords to use repeatedly, and conversely which services deserve a password that we only use once and only once.
Somewhere reusing passwords may not matter
We usually read that passwords should not be repeated. On the one hand, this makes sense, because knowing one password can open the way to a number of our accounts. On the other hand, as long as we don’t use a password manager, we probably can’t avoid some of that repetition.
Where passwords can repeat
Some services require registration to use, but in practice we don’t store any confidential or sensitive data on our account, not even our name. These can be various forums, fan sites or simply accounts we set up just to use a service.
As long as these accounts don’t really contain any personal data and are not important services that we definitely don’t want to miss out on, then reusing the same password doesn’t particularly matter in principle.
If we lose the account in question, however, nothing special should happen. The password does not have to be elaborate in any way. In fact, it makes little sense for attackers to attack individual accounts of similar services. For hackers it makes sense to attack the entire database of users, thus in practice breaking the security of the entire site. If the password gets out this way, there’s not much we as users can do about it anyway, and the strength of our password isn’t that important.
We shouldn’t pick some completely obvious or frequently used weak passwords, but we don’t have to worry about it again for that long. Any somewhat normal password will do.
Any private data deserves a stronger password
Then we have the various online services that already contain some of our private data. It can be a name, an address, but also an order list, for example. Typically these will be various e-shops, discount voucher portals or systems for booking need hotels, but these data may also be required by other services when registering.
Since there are quite a few of these services, it is quite difficult to come up with a unique and strong password for each one. However, unlike really unnecessary services and registrations, cracking one can mean that hackers get access to some information. That’s why these services already deserve a strong password, but we’ll be using it multiple times for multiple services.
Which services must have a unique password
For some services, password repetition doesn’t matter, for some we have to bite the bullet, although it would be better not to. But then there are online online services where it is absolutely essential to create a completely unique password that is not used anywhere else. These are services that are used to recover forgotten passwords, but also services that contain a lot of personal data, or even services that lead to our money. So these are mainly:
- Internet banking (or other financial services)
- Social networks
These services should have a really strong password, which in addition you don’t use anywhere else. Also, it’s definitely recommended to turn on two-factor authorization, which will protect these accounts with an extra layer of security.
Losing any of these accounts is a disaster. An attacker can get access to a lot of sensitive data, impersonate us, take our money, or even gain access to all of our other accounts. Protect these accounts like the back of your hand, and really be careful about what passwords and security you choose. Underestimating security could pay off harshly.