Well, you’re probably not alone. Nearly two thirds of Australians use the same password across more than one of their online accounts, according to PayPal.
Australians love new technology. According to a global survey by Google, Australia has one of the highest smartphone penetrations in the world at 37 per cent, just behind Singapore, and we’re also consuming more applications (apps) than the US or Britain.
A leading National Fraud Security Expert (ex-hacker) has told us that one of the most common ways hackers breach your personal security is to target sites that are more vulnerable and less likely to have the high levels of security of, say, your bank or your work VPN. So how secure are your company’s digital assets? Do you even know the level of encryption your site has? Do companies have a responsibility to protect user passwords?
More than one in five Australians have experienced some form of identity crime (source: Veda Australian Debt Study March 2012), at an estimated cost of more than $3 billion per year (source: Australian Bureau of Statistics, 2010).
A concern when reusing passwords is that a site with strong login security (e.g. your bank) might have its extra security measures rendered useless if you use the same login information on a web site with weaker security (e.g. a fantasy sports site or a cooking site). A hacker who has compromised the weaker site now has the correct credentials for your bank’s web site. When you share login information on multiple web sites, even the best protected web sites become only as secure as the weakest site that uses the same login information.
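To see which of your own accounts share a password, you can audit a password manager export. The script below is an added example, not part of the original article; the CSV column names (site, username, password) and the sample rows are constructed assumptions, so adjust them to whatever your manager exports.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export (site, username, password); not real credentials.
SAMPLE_EXPORT = """site,username,password
bank.example,alice,Tr0ub4dor&3
fantasy-sports.example,alice,Tr0ub4dor&3
cooking.example,alice@mail.example,Tr0ub4dor&3
work-vpn.example,asmith,c9!Lq2#vXe7pRw
webmail.example,alice,maple-orbit-quartz-41
"""

def find_reused_passwords(export_csv: str) -> list[list[str]]:
    """Return groups of sites that share one password, largest group first."""
    # Random per-run key: the grouping table holds only keyed fingerprints,
    # never the passwords, and the fingerprints are useless after the run.
    key = secrets.token_bytes(32)
    groups = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_csv)):
        password = row["password"]
        if not password:
            continue  # skip entries with no stored password
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].add(row["site"].strip().lower())
    # Two accounts on the same site do not count as cross-site reuse.
    reused = [sorted(sites) for sites in groups.values() if len(sites) > 1]
    return sorted(reused, key=lambda g: (-len(g), g))

def exposure_if_breached(export_csv: str, breached_site: str) -> list[str]:
    """List the other sites whose password leaks if `breached_site` is breached."""
    breached_site = breached_site.strip().lower()
    exposed = set()
    for group in find_reused_passwords(export_csv):
        if breached_site in group:
            exposed.update(s for s in group if s != breached_site)
    return sorted(exposed)

if __name__ == "__main__":
    for group in find_reused_passwords(SAMPLE_EXPORT):
        print("same password on:", ", ".join(group))
    print("exposed if cooking.example leaks:",
          exposure_if_breached(SAMPLE_EXPORT, "cooking.example"))
```

Run it against a local copy of the export and delete that file afterwards, since the export itself contains every password in plain text.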
Creating a secure password
Use a password generator; these come in the form of offline programs and websites. Many password managers, like LastPass or Dashlane, also have built-in password generator tools.
Microsoft offers its own online strength checker, and promises that the form is completely secure. Mac users can to check their passwords’ security.
Any time a service like Facebook or Gmail offers “two-step verification,” use it. When enabled, signing in will require you to also enter a code that’s sent as a text message to your phone. That means a hacker who isn’t in possession of your phone won’t be able to sign in, even if they know your password.
You only have to do this once for “recognized” computers and devices.