Evernote, an extremely popular brain-dumping website, recently announced it was the victim of a data breach in which hackers gained access to its usernames, email addresses and passwords. The only bright side to the attack (if there is such a thing) is that the passwords were encrypted.
Evernote reacted by forcing all of its users to change their password. No big deal, right? Wrong.
Evernote has 50 million users. You read that right. 50 million users. How many of these 50 million users used the same password on Evernote as all of their other online accounts? My guess is a good percentage of them.
One password to rule them all
So how difficult do you think it would be for hackers to try the same username and password combinations they stole from Evernote on other popular sites such as Amazon, Gmail, any financial or banking website or any website that has not yet implemented two-step authentication?
As I stated earlier, the passwords stolen from Evernote were encrypted, so unless the thieves find a way to break the encryption, they are not going to be able to do much with them. But what if the passwords hadn’t been encrypted? Or what if the hackers had breached another popular website that didn’t encrypt its passwords?
My point is this. If you use the same password on every website, it’s like carrying around an online skeleton key. And once you lose that skeleton key, you’ve handed over the key to your entire online existence to people who aren’t planning on doing anything good with it.
A better solution
Do yourself a favor and create a unique password for every website you use. If you have trouble thinking of unique passwords, let www.dinopass.com generate one for you. If you are worried about remembering the passwords, use a program like KeePass or, if you must, write your passwords down in a notebook. I’d rather take my chances with a written notebook than use the same password everywhere I go online.