At Oildex, we continuously review our security posture, which includes gaining insight from our users about security. We often hear how important it is to keep our passwords and online credentials secure, and that best practice is to use separate passwords (especially for those who handle sensitive information). The truth is, this can be a challenge given the sheer volume of passwords we have to remember. So much of a challenge, in fact, that many of us may still be using the same password across our user/online accounts.
A recent survey by Statista shows the share of internet users in the United States who use the same passwords across multiple online accounts as of September 2017. Only 22% of respondents stated they used different passwords for every online login. A survey produced in January 2017 by Keeper also reported that over 80% of users reuse their passwords. Both are very concerning and validate the risk of not protecting your passwords.
Using the same password for more than one account is like having one key to unlock every door you use. If a bad guy steals or copies the key, every door is vulnerable. Don’t make it easy to get to your information should one of your accounts become compromised.
I am often asked how we can keep our credentials safe and secure without being expected to remember them all. You have a few options, each of which helps protect your account from unauthorized access due to a compromised password, but each comes with its own risk. You are always going to want to follow any guidance or requirements you have from your organization for your professional credentials. Below are some general options you could consider to protect your information:
| OPTION | THE GOOD | POSSIBLE RISK |
|---|---|---|
| Do not share credentials amongst accounts and remember them all. | Most secure. | You can forget your password and could sometimes lock your account unintentionally trying to access it. |
| Store account information in your browser. | Simple and can save time. | If your computer is lost, stolen or breached in any way, your accounts are vulnerable. |
| Isolate your information using a separate email account used to register and receive password recovery on sensitive accounts. | Makes it harder for the bad guys to crack into accounts with the information you may have shared across multiple accounts. | You still have other accounts to worry about, and those credentials should be disparate as well. |
| Use a secure password manager. | Can help keep track of, generate and retrieve your credentials when needed. | You only need to remember a single password to get to all of this information, which is good and bad. You also rely on the service of another party for security. |
Going through a few extra steps to protect your information can seem inconvenient, but it is always healthy.