Perils of Pin and Password Reuse

Reuse the same PIN and password all the time? Reusing the same PIN cost a B.C. man $6700 and counting.

CBC’s Go Public reported today that Mark Scheffers is still on the hook for charges his ex-girlfriend ran up on a credit card she stole from him. He didn’t give Jessica Van Tent the pin for the credit card but months before he gave her the pin for his debit card which he reused for his credit card. The credit card company is still holding him liable for the charges even though she confessed and has been sentenced.

Now I’ve written before about don’t kiss and tell your password but today I want to focus on password and pin reuse.

Perils of Password Reuse

It’s exhausting how many passwords and pins we have today. And I understand how tempting it is to just reuse the same passwords over and over again. But it’s just not secure. In the last few years we saw several hugely web sites get their user databases hacked (like Adobe) and the Heartbleed vulnerability threatened the passwords of millions. Once hackers got their hands on one web site password, they merrily tried that password on other web sites.

And now a lot of web site administrators are demanding more password complexity. No longer can you use password123, they’re demanding longer passwords in upper and lower case letters mixed with numbers, punctuation marks and as one humorous Facebook ecard suggested recently the blood of a virgin.

You need a password manager program and one that generates complex passwords for you. I recommend (you can google password management for others).

LastPass remembers passwords for all the web sites you use, suggests improvements on your passwords, provides form fillers (useful for online Xmas shopping), wifi logins and is free for desktop or laptop use. It’s a shocking $12 a year for mobile devices. And works with all the popular browsers and platforms.

And LastPass warns you when there are important security issues. LastPass very proactively worked during the Heartbleed vulnerability to notify their users what was going on and what users had to do to secure themselves.

Avoid the perils of the password and pin resuse and get a password manager.