In recent months, some big sites like LinkedIn and Evernote have had password leaks. Twitter hasn’t been immune to hacks, and even Sony a few years ago had credit card data stolen. There is, unfortunately, no perfect system – there are only the sites that haven’t been hacked yet.

PadLock-iconIn some cases, if a site that you have an account with is hacked, you might think, “I never really used such-and-such, it doesn’t really matter if hackers get into that account.”

That may be true to a degree. It may not really matter if that account is exploited. However, many people reuse passwords. So if your password for this unused account is the same as your email password, now your email is vulnerable.

That’s scary in itself. But it gets worse.

If you email account is vulnerable, then nearly every account you have with that email address becomes vulnerable. How?

If you’ve ever lost a password, you’ve probably used a “Lost your password?” link of some sort, in which case you know that if you don’t know a password, all you usually need is your email address and you can reset that password.

Here’s how it breaks down:

  1. You sign up for a new service using your email address and go-to password
  2. You forget about the service and never close your account
  3. The service is hacked and account information is leaked
  4. Hackers (and bad-bots) use this information to do 2 things
    1. get into your account on that service
    2. use your account information to get into other services (such as email or social networks)
  5. If the hacker can get into your email, other passwords become irrelevant
  6. The hacker can use the forgotten-/lost-password links on any site, and since they can get into your email, they can reset your password.

You might be tempted to think, “I’m not famous enough for anyone to bother hacking my account.” Although celebrities may at times be special targets, often the goal is to simply be destructive, not to target any individual.

With all that in mind, I hope you see the main point: Protect your email account above all else.

Here are a few general tips:

  • If your password is found in a dictionary – don’t use it, change your password now
  • If your password is a dictionary word, but you’ve done something like replaced “e” with “3” – don’t use it, change your password now
  • If you use the same password on multiple sites – change your passwords now
  • If your password is your username, real name, pet’s name, anniversary date, email address, etc – change it now

Consider a passphrase. What’s that? It’s several real words joined together, such as page massage volume chicken (this was randomly generated by passphra.se). The advantage with passphrases is that they are easier to remember than passwords like WdVL6hKAhVG17 and they’re more secure! They are also handy if you’re entering a password on to your mobile device.

If you’re a Gmail user, I highly recommend enabling 2-step verification as an added layer of security.

There are even more tips, such as how to keep track of all your unique passwords, on this Inndx.com post, How to change your password, as well as a video that shows you how to change your password on a WordPress site.