Many people use the same password for everything because it’s easier for them to remember.
There are a number of reasons that this is a bad idea.
Say that you use the same password for your personal email account and your computer login at work. You give your colleague your password to access your machine at work for some reason. Someone sees this written down or overhears you say it, or you don’t really trust the work colleague (or they simply guess it’s the same as the dog’s name). Finding your email address is easy, as you’ve probably forwarded them loads of jokes or been copied on someone else’s jokes list. Now, typically an email address and password will let you access a webmail system. This means an unknown number of people could get into your personal email account.
Chances are you use the same email address and password to get into your favourite online eTailers. It doesn’t matter if not: they just click the ‘forgot password’ option and a random new password is sent to your email account, which they have access to. They can then log into your eTailer and order some items, but change the shipping address.
While they’re on the eTailer site they can often find out additional information to start the process of cloning your identity for other purposes: your address, age, marital status, security question, mother’s maiden name, and previous order details that give an idea of how much money you spend on certain products. This also means they can tailor an email phishing attack to appear as though it’s from the eTailer, with an unbelievable special offer which you need to click the link to get. You then give them your credit card details, including the 3-digit code. They can now buy a few more things from other sites using all the correct card details and card address.
If you use the same password for your favourite social networking site, then they can get in and post a few dodgy links on your page to downloads that will infect your friends’ machines and, for good measure, send them a few emails with ‘watch this funny video’ type links, with your endorsement. Next thing, you find all your friends phoning and asking why their machines are now infected with Fake AntiVirus warnings after clicking your links.
Changed your passwords yet?