Is your password already known to hackers? I’ve had at least two of my passwords compromised over the years by companies that were careless to the point of stupidity. Maybe more (I have hundreds of email addresses).
The obnoxious forced use of your email address for login ID by security-ignorant companies isn’t helping matters. By requiring your email as your login ID, even companies like Apple and Google are reducing your security and are training billions of people to have bad habits.
But it gets worse.
Apple iOS by its very nature makes it a huge hassle to use a high quality password by making it hard to type and impossible to see what you’ve typed. So they train you to use short low quality passwords lacking in variation. Apple has been guilty of this for years now.
How passwords are compromised
Never use the same password for more than one thing, excepting obnoxious things like the new HealthSafeID which is required for some sites, an inherently flawed single point of compromise system.
Lots of ways a password can be compromised.:
- Sites that store the actual “cleartext” password instead of a cryptographic hash. In other words, it can be displayed for anyone to see, or hack into.
- Regular password-resets that force you to use less and less good passwords, because you cannot remember the dozen or more passwords you are forced to change every 3 months. So you start using the same password in multiple places because it’s too damn hard to remember so many changing so often.
- Password-reset schemes: an fixed list of “security questions” that are invariably themselves major security risks because the answers are readily available (hint: make something up, never use the real answers). An attacker just resets your password using these along with your well known email that you were forced to use as your login id.
- Cyber social engineering: getting tricked into revealing it by phone, phishing, fake web sites, etc.
- Zero-day exploits that compromise your computer or device and all your passwords and information, unknown to you until disaster strikes. This one is a bad one, because you cannot do much about it.