Would you use the same key for every lock in your life? Would you hand that key out to every company you ever interact with? Now imagine that making copies of keys are free and instantaneous, storage of the keys with nearly every company is unsafe, and the keys can be used remotely even from other countries. Do you see the insanity of reusing passwords yet? Friends don’t let friends reuse passwords.
In the past week LastPass disabled nearly a thousand LastPass accounts due to users reusing their LastPass master password with Yahoo Voices and Billabong, both of which were hacked and had public releases of username and the associated passwords.
All the disabled users broke all rules for protecting themselves, the three most important being:
- Never use your LastPass master password for any site or purpose. Your master password is very important. Treat it as such.
- Use LastPass to generate random passwords for every site you use. That way when these sites are hacked you get to laugh about it instead of stress and scramble. LastPass provides a security check to help you validate this.
- Utilize the (free) multifactor security options LastPass provides.
While LastPass is doing its best to protect people when we see these public releases, there are many more sites that are hacked that aren’t exposed. If you’re reusing passwords invest a few hours today to prevent days of heart ache when the next site is hacked.
Reusing passwords? Not even once.