what does it matter if I have a strong password

Options
JosueAlexander
JosueAlexander
Community Member
edited August 2014 in iOS

this question just came to my mind... what does it matter if I have a great strong password for my evernote account, for example. when all they really need to get into my account is my email password, same case for all my accounts they are all linked to an email, so really what they need is to crack that one password and then just click on "I forgot my password" on every one of my accounts to get an email with an option to change the password.

Comments

  • Megan
    Megan
    1Password Alumni
    Options

    Hi @JosueAlexander‌

    Great question! Strong and unique passwords are definitely important. Your statement here specifically requires that someone has access to your email account. This is certainly something to be aware of, but breaches happen on all sorts of non-email accounts. In fact, I can't think of a recent breach that occurred with an email provider. Having a strong unique password for each site ensures that if someone does get access to the user information on hackedsite.com, they can't use that same username and password combination on bank.com, creditcard.com, or yourfavouritesocialnetwork.com.

    It's true that an email breach can be worse, for the reason that you mentioned, but I don't think the solution here is that nothing else should be protected. That's a little bit like saying,"If someone broke into my house they could get my spare car keys too, so I might as well leave my car unlocked."

    The other thing that to consider here is that the hackers are looking for large groups of data. If they hack mysocialnetwork.com and get a million records, they are simply going to go through them trying to find weak passwords. (If someone uses password as their password for one site, it's a good bet that they're using weak passwords in other locations as well.) So using strong, unique passwords on each account may significantly protect you if that companies' data is stolen.

    The thing to take away here is that, while it is important to have unique and strong passwords for all sites, it is even more important to have a strong and unique password on your email account, and to change it frequently to ensure that it is less likely that anyone will gain access to your data via this account. Of course, if you have an email provider that only allows you to have at most 8 characters in your password, do not use that email address for creating any online accounts. Just to be safe. :)

This discussion has been closed.