The importance of having not only a secure password, but a variety of passwords was recently highlighted through an interesting situation. For many years, I was doing what most people did on the Internet. I had only a couple of passwords which I used for most websites and a few unique ones for sites requiring higher security.
Yesterday I received this email:
A log-in attempt from the following location is currently awaiting your authorization.
This email came from an automatic system implemented by ArenaNet for Guild Wars 2. If you attempt to log in from an unfamiliar location, it sends a message to your verified email address asking if the login attempt should be authorised. This is an excellent way to reduce the chances of your account being compromised.
The email is only sent if your username and password are correct, so this set off some alarm bells. One of my secure but general-use passwords had been compromised, most likely by a poorly designed site which doesn’t store passwords in a hashed format.
What this means is that I had forgotten to change my password for Guild Wars 2 to something different and more secure.
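A minimal sketch of the login flow described above, added here as an illustration and not ArenaNet's code: the class, function names, location strings and PBKDF2 parameters are all assumptions. It shows why the email is itself a warning sign: the "pending" state can only be reached after the password has already verified against the stored salted hash.

```python
import hashlib
import hmac
import secrets

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash: a leaked table does not reveal passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class Account:
    """Hypothetical account record; only the salt and hash are stored."""
    def __init__(self, password: str, known_locations):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hash_password(password, self.salt)
        self.known_locations = set(known_locations)
        self.pending = {}  # approval token -> location awaiting the owner's decision

def attempt_login(account: Account, password: str, location: str):
    candidate = hash_password(password, account.salt)
    # Constant-time comparison; a wrong password never triggers an email.
    if not hmac.compare_digest(candidate, account.pw_hash):
        return ("denied", None)
    if location in account.known_locations:
        return ("granted", None)
    # Correct credentials from an unfamiliar location: hold the login and
    # ask the owner by email (the token stands in for the emailed link).
    token = secrets.token_urlsafe(16)
    account.pending[token] = location
    return ("pending_authorization", token)

def authorize(account: Account, token: str, approve: bool) -> bool:
    # Tokens are single use: popped whether the owner approves or rejects.
    location = account.pending.pop(token, None)
    if location is None:
        return False
    if approve:
        account.known_locations.add(location)
    return approve

if __name__ == "__main__":
    # Constructed sample values.
    acct = Account("correct horse battery staple", {"Home City"})
    print(attempt_login(acct, "guess", "Unfamiliar City")[0])
    print(attempt_login(acct, "correct horse battery staple", "Unfamiliar City")[0])
```

If an authorization request arrives for a login you did not make, rejecting it is not enough: the password has been verified by someone else and needs to be changed everywhere it was reused.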
For the last few years, I have been changing my passwords so that every site has a randomly generated, unique password. They’re all stored in the cloud, double-encrypted with secure passwords. I use 1Password to create, store and access my passwords. It runs on Windows, Mac, Android and iOS. It also has plugins for all major browsers to allow automatic entering of passwords.
1Password isn’t free, but I believe it is worth the price. There are cheaper alternatives such as LastPass (free with a “pro” option) and KeePass, which is free open source software.
So heed my warning. Don’t use the same password everywhere. At worst, check out KeePass.