The Rising Threat of Password Duplication

By Jason Eichner

In a previous post I discussed various threats to online security, and ways you could strengthen your password and protect your sensitive information. I suggested the “perfect password” was long, hard to guess, and easy to remember – such as “I_am_called_Jason”. So – you’ve got a nice long password, you’ve strengthened your accounts against social engineering, and your account is still compromised, using the correct password. How? Password Duplication.

Now, my password “I_am_called_Jason” is a secure password – it may be based on public information, but it is long enough that its high entropy and variability make it extremely safe. But there is still a way someone could acquire my password – if I give it to them.

How many accounts with different websites do you have? Personally, I have multiple e-mail accounts, online payment accounts, many social media accounts, accounts for every shopping website I’ve purchased from, etc. – the list goes on. Now, have you ever used the same password for two different websites? If so, each of those services holds all the details needed to access every other account that shares that password.
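The practical check that follows from this is a reuse audit of your own accounts: group them by password and flag any password that protects more than one site. The script below is an added example, not code from the original post. It works on a constructed sample vault (the `SAMPLE_VAULT` list is made up for illustration) and compares keyed HMAC fingerprints rather than plaintext so the report itself never lists a password.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample vault of (site, username, password) tuples. In a real
# audit these rows would come from a password manager export, not a literal.
SAMPLE_VAULT = [
    ("mail.example", "jason", "I_am_called_Jason"),
    ("shop.example", "jason", "I_am_called_Jason"),
    ("bank.example", "jason", "correct horse battery staple"),
    ("social.example", "jeichner", "I_am_called_Jason"),
    ("forum.example", "jason", "another-unique-passphrase"),
]


def fingerprint(password: str, key: bytes) -> str:
    """Keyed HMAC-SHA256 of the password.

    Equal passwords give equal fingerprints, which is all the audit needs,
    while the random per-run key keeps the fingerprints useless on their own.
    """
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def find_reused_passwords(vault, key=None):
    """Group accounts by password fingerprint.

    Returns only the groups that contain more than one account, i.e. the
    passwords whose compromise at one site exposes the others.
    """
    key = key or os.urandom(32)
    groups = defaultdict(list)
    for site, user, password in vault:
        groups[fingerprint(password, key)].append((site, user))
    return {fp: accts for fp, accts in groups.items() if len(accts) > 1}


def reuse_report(vault):
    """One human-readable line per reused password, naming the affected accounts."""
    lines = []
    for accts in find_reused_passwords(vault).values():
        sites = ", ".join(f"{user}@{site}" for site, user in accts)
        lines.append(f"{len(accts)} accounts share one password: {sites}")
    return lines


if __name__ == "__main__":
    for line in reuse_report(SAMPLE_VAULT):
        print(line)
```

Run against the sample vault the report shows a single reused password shared by three accounts; the two unique passphrases are not mentioned at all. Fixing each flagged group means changing the password on every site in it, not just the one that was breached.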

Let’s look at a couple of examples, both based on real life events: