People have been talking about passwords since the invention of logins. Everybody knows your password should be as secure as possible and you shouldn’t use things like your dog’s name in it. However, complex passwords are hard to remember, so a compromise is often made.
A really secure password that you’ve memorized is just as insecure if you use it on every account you own. In the past few years the following corporations have been breached: T-Mobile, Sony, Adobe, eBay, JP Morgan Chase, Ashley Madison, British Airways and many more. Customer email addresses and passwords are often stolen in these breaches.
There is a website called pastebin.com which allows people to anonymously post text for the whole world to see. When breaches occur, the information usually ends up there. Attackers can search this large online database for things like @gmail.com and find lists of email addresses and their passwords. They will usually try lots of them and make a note of which ones work, then come back to these and see what else they can exploit.
Recently a security blogger (James Jeffery) pointed out that British Telecom’s BTFon service is wide open. BT customers are subscribed to BTFon by default. The service enables a BT customer to get free Wi-Fi by piggybacking off other BT users’ Wi-Fi when they are away from home. So if you had an @btinternet.com email address and the corresponding password, you wouldn’t need to be a BT customer: you could steal free Wi-Fi.
James Jeffery pointed out that by searching Google for site:pastebin.com + “@btinternet.com” you can get a list of these email addresses and passwords. Scary, isn’t it?
Big deal though, someone can have some free Wi-Fi… But what if they used the same method to get into your Amazon account, iTunes account or PayPal account using your email address and password (because you use the same password for all accounts)? If you use a different password for every online service, then the damage is limited to the single account that has been breached.
This can be hard to manage, and you can end up locking yourself out of accounts when you’ve forgotten the passwords. For this reason, we recommend using a password manager, which will generate random, secure passwords for all your online services. It keeps them securely locked away and means you only need to remember a single master password.
In addition, we strongly recommend enabling multifactor authentication on your password manager, so that you also need a code from your mobile phone when you log in to it. The reason is that, should someone find out your master password, they won’t be able to log in without also physically having your mobile phone.
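
To see how far one breach would spread across your own accounts, the following added example (not part of the original post) audits a password list for reuse and reports which other logins share the email address and password of a breached service. The `service,username,password` column layout and the sample rows are constructed assumptions; a real password manager export will use its own column names.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample data; every name and password here is made up.
SAMPLE_EXPORT = """service,username,password
webmail,alice@example.com,Rover2015
shop,alice@example.com,Rover2015
payments,alice@example.com,Rover2015
music,alice@example.com,q7#Vd9!mZp2x
forum,alice2@example.com,Rover2015
"""

def _key(username, password):
    # Group on a digest so plaintext passwords never become dict keys or output.
    return hashlib.sha256(f"{username.lower()}\0{password}".encode()).hexdigest()

def load_groups(export_text):
    """Map each distinct (username, password) pair to the services using it."""
    groups = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        groups[_key(row["username"], row["password"])].add(row["service"])
    return groups

def blast_radius(export_text, breached_service):
    """Other services that open with the exact login stolen from breached_service."""
    exposed = set()
    for services in load_groups(export_text).values():
        if breached_service in services:
            exposed |= services - {breached_service}
    return sorted(exposed)

def reused(export_text):
    """Every set of services that shares one username and password."""
    return sorted(sorted(s) for s in load_groups(export_text).values() if len(s) > 1)

if __name__ == "__main__":
    for svc in ("webmail", "music", "forum"):
        hit = blast_radius(SAMPLE_EXPORT, svc)
        print(svc, "->", ", ".join(hit) if hit else "no other account exposed")
```

Matching is on the exact email and password pair, so the same password under a different login name is not counted here; treat any password that appears more than once as due for replacement.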