A hacker’s secret weapon: Your reused passwords – Why now is the time to stop this bad practice

September 21, 2022

By Kim Komando

How many sites and services do you keep accounts with? Between shopping, banking, apps, work and social media, do you have 20 accounts? Or perhaps more than 100? Tap or click here for 10 tips to secure your accounts with strong passwords.

We hope you’re not using the same password for all your accounts. This is one of the biggest mistakes you can make regarding online security.

If a hacker discovers your login credentials, they can use them to try logging into all types of accounts until they find one that grants them access. If you haven’t taken it seriously already, here’s a significant risk of using the same passwords.

Credential stuffing

A report from identity management service Okta reveals that 34% of overall login attempts result from credential stuffing or hackers using stolen credentials to force their way into multiple accounts. The company found over 10 billion examples of credential stuffing on its platform in the first 90 days of 2022.

Hackers get your credentials from volumes of stolen or breached logins and use them to target online platforms with multiple login attempts. This strains the servers, impacting everyone who uses the site.

Once inside an account, the hacker looks for credit card numbers, Social Security numbers, financial information and other valuable data. They can use this information against you or hold it for ransom.

How to protect your accounts from these attacks

Take some time out of your day to check off each step below. You’ll be saving yourself from a lot of trouble in the future:

• Use strong, unique passwords — Tap or click here for an easy way to follow this step with password managers.
• Safeguard your information — Never give out personal data if you don’t know the sender of a text or email or can’t verify their identity. Criminals only need your name, email address and telephone number to rip you off.
• Always use 2FA — Use two-factor authentication (2FA) for better security whenever available. Tap or click here for details on 2FA.
• Check haveibeenpwned.com — Enter your email address into this online database to reveal which data breaches you might be involved in.
• Avoid links and attachments — Don’t click on links or attachments you receive in unsolicited emails. They could be malicious, infect your device with malware and/or steal sensitive information.
• Beware of phishing emails — Scammers piggyback on breaches by sending malicious emails to trick you into clicking their links that supposedly have important information. Look out for strange URLs, return addresses and spelling/grammar errors.
• Antivirus is vital — Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!

Keep reading

Username mistakes you’re making that put you at risk online

3 immediate steps to take if you fell for a scam