We all know we should have a different, complex password for every app or website - but most of us default to the same one we've used for decades, across everything.
After all, who's able to remember that many different passwords?
We probably all know, on some level, that this isn't ideal, but it can be a challenge to understand just why it's so bad to use the same passwords for extended periods over multiple accounts.
Advert
But that's been spelled out in clear terms by Justin Basini, founder and CEO of ClearScore.
Basini has listed a bunch of useful tips in Metro.co.uk about cybersecurity, and what he says about passwords is particularly chastening.
"If you’ve used the internet in the past 15 years, it’s almost a certainty that your passwords and usernames will be out on the dark web and available for criminals," he wrote.
Effectively, the number of times that websites, apps and services have been hacked in the last couple of decades is scarily high and, in many cases, these hacks can result in databases being shared through the dark web with user details in them.
These often don't pair usernames with correct passwords, but the sheer fact that a text file might exist out there on the dark web with your password written correctly in it might send a shiver down your spine.
In good news, you can quite easily check whether your details have been compromised like this. Basini's own company makes a free tool called ClearScore Protect which scans the dark web for your details to see and alternatives like the one offered by Experian are also well-regarded.
Hackers can use these databases to help try to crack into accounts that they're targeting, so if a password of yours is ever compromised on a given account, you shouldn't just change it there, but on every account it's attached to.
Ideally, these should all have unique and complex passwords, something made a lot easier by password managers like 1Password or LastPass, as pointed out by Basini.
Another great way to keep yourself safe is to always enable two-factor authentication where possible, Basini advised.
This requires two login credentials, a password and a code sent to a secure phone or email address, and is well worth the extra time it eats up.
Basini writes that "it’s a must for sites containing your personal or sensitive information, such as mobile banking apps", and you won't find many people arguing against that.