Why You Already Have Different Passwords

Chances are you are already using different passwords for at least some of your systems, because your different accounts require different types of passwords.

If you have more than a few accounts, you’ll run into a variety of rules:

  • Requiring a number
  • Requiring an upper case letter
  • Requiring a symbol
  • Cannot use special characters such as &, %, etc.
  • Maximum 8 characters
  • Minimum 8 characters
  • etc.
A set of commonly seen password rules.

And the problem is – the rules implemented by different accounts conflict with each other, so you will have a hard time finding a single password that works for all accounts (and you’ll come across new rules as you add new accounts, which can invalidate your previous passwords).

So – besides the fact that having different passwords for different accounts reduces your risk should you ever lose a password, you will have a hard time coming up with a single password in the first place anyway.

But there is one more problem if you want to use a single password – not all of your accounts are implemented securely.

You might think that there is some sort of password system that companies can buy and install, just like we can go out to buy cars and computers and put them together.

There are some systems like that. For example – this site runs on WordPress, and it uses the password system that comes with WordPress. Anyone else running a WordPress website will have the same password system (unless they change it).

However, more often than not, companies write their own from scratch. And not all of them do a good job.

To be fair – WordPress’s own password system isn’t a Ferrari. It’s serviceable because WordPress is mostly used for blogs, so if it’s compromised the impact is limited. Systems like banks will need something much better than what’s available off the shelf, so it’s often a custom job. But not all systems are implemented with best practices.

For example, some of them will store your passwords without any protection (hashing, to be specific, but we won’t get into the details here), so any administrator will have access to the actual password if they peek into the database (which they have access to). If any of them becomes disgruntled for any reason (we all know times when we hated the company we work for, right?)… we the customers are now hostages to the situation.

Even if all admins are happy as dolphins, if a hacker breaks into the system, the passwords are sitting there unprotected!
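To make that difference concrete, here is an added example (not code from the original post) that contrasts the plaintext storage described above with a salted, slow hash: the plaintext row hands the password to anyone who reads the database, while the hashed row still lets the user log in but reveals nothing useful on its own. The user name, password and PBKDF2 settings are constructed sample values.

```python
import hashlib
import hmac
import os

# --- The insecure design the post describes: the password is stored as-is. ---
def register_plaintext(db: dict, username: str, password: str) -> None:
    db[username] = password


def login_plaintext(db: dict, username: str, password: str) -> bool:
    return db.get(username) == password


# --- The hardened design: store only a salted, slow hash of the password. ---
# Assumptions: PBKDF2-HMAC-SHA256 from Python's standard library, a fresh
# random 16-byte salt per user, and 600_000 iterations so that guessing
# passwords from a stolen table is expensive.
ITERATIONS = 600_000


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register_hashed(db: dict, username: str, password: str) -> None:
    salt = os.urandom(16)
    db[username] = {"salt": salt, "hash": _derive(password, salt)}


def login_hashed(db: dict, username: str, password: str) -> bool:
    record = db.get(username)
    if record is None:
        return False
    # Constant-time comparison: the result must not depend on how many
    # leading bytes of the stored hash happen to match.
    return hmac.compare_digest(record["hash"], _derive(password, record["salt"]))


def row_exposes_password(row, password: str) -> bool:
    """What an administrator or intruder learns from the raw database row:
    True if the password itself is readable in it, False otherwise."""
    return password in str(row)


if __name__ == "__main__":
    plain, hashed = {}, {}
    register_plaintext(plain, "alice", "correct horse battery staple")  # constructed
    register_hashed(hashed, "alice", "correct horse battery staple")
    print("plaintext row exposes password:", row_exposes_password(plain["alice"], "correct horse battery staple"))
    print("hashed row exposes password:   ", row_exposes_password(hashed["alice"], "correct horse battery staple"))
```

Because each user gets a different salt, two users with the same password end up with different stored hashes, so a stolen table cannot even tell you who shares a password.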

The problem is – you don’t know how your different systems are implemented! So you don’t know whether they have done a good job or not.

So – don’t assume that your systems are implemented securely. They could very well be, but assuming the worst here is a better approach than assuming the best.
