Using The Same Password Can Mean Trouble
Article by Rick Leinecker, February 15, 2007
This article gives you reasons why you should avoid using the same password for multiple logins. Unfortunately, it reveals some of my past escapades. I wrestled with how to present this topic without incriminating myself. I could have changed the names to protect the guilty. I could have created a fictional scenario with which to present the concept. But I finally decided to give you the story as it happened. Just remember that youthful indiscretions in the far reaches of memory are not the way things are now.
I belonged to a computer user group in Miami. There was one member who offended everyone with his abrasive manner. I'll refer to him as Bluster Boy. Everyone tolerated him to the best of their ability because he seemed to have strong contacts with all the major names in the computer and software industry. Nobody wanted to make him mad and risk losing out on the possibility of using his contacts.
My subscription to COMPUTE magazine arrived one afternoon with a nice game. The source code for the game was included on the magazine's disk, so anyone with a compiler could make alterations to the program and create a new version of the game. Aha, I thought. Here was my chance to get even with Bluster Boy. I altered the moving pieces in the game so that they were somewhat offensive. I then put Bluster Boy's name and phone number all over the program. Anyone who played the game would know how to reach Bluster Boy. You can only imagine my delight when I envisioned the future.
Altering the program was the easy part. The hard part was to distribute the game in such a way that no one would know who was responsible. After thinking for a few minutes, I had a solution. This was before the Internet became popular, when most people used what are known as computer Bulletin Board Systems (BBSs). These systems allowed computers to dial in via a phone line and connect to a resource that included message boards and file repositories. If I could log on to a BBS and cloak my identity, then I was home free.
I ran my own BBS. There was a user who was a member of most of the local BBSs. He used the password "DUDE" on mine, so I tried his password on several other BBSs. Sure enough, it worked. He was using the same password on all of the local BBSs.
Late one night I logged on to the most popular BBS and uploaded the game. Almost everyone in town had a copy within a week. Mission accomplished.
This story incriminates me in my younger days, and may even be humorous. But it illustrates a very serious point. You don't know who can see your passwords. We assume that our passwords are kept in a secret place. When you log on to a Web site and create a user account, how do you know that there isn't someone at the other end who can read your password? If you are in the habit of using the same password for many resources, then your accounts could be compromised on them all.
I know it takes a lot of effort to have different passwords, but think of the alternative. You could fall victim to someone who has access to a database and can look at a list of passwords. As tempting as it sounds, don't use the same password on important Web sites.
I have an exception to this rule for Web sites that don't matter. For instance, I subscribe to a lot of informational Web sites simply for the purpose of reading the articles. Examples of this are CodeProject.com and Experts-Exchange.com. If someone gains access to these sites with my user name and password, the worst that can happen is that they will be reading articles under my name. With this system I can have an easy-to-remember password for most of the Web sites I use, and save the hard passwords for the Web sites that require strict security.
That's my story about using the same password for multiple logins.