Warning! Please Don’t Do This.
Hey guys and gals.
I've begged. I've pleaded. I've jumped up and down waving my arms and screaming.
But, still … you're not listening.
Another of my dearest friends suffered because she wasn't using a separate and unique password for each and every site she signed up for.
The hacker got hold of one password and used that info to get access to her domain registration. He took her main domain.
So, once again, I hate to be a pest but I'm going to be one anyway. Because I HATE to see good people suffer. It really makes me angry and sad.
One more time for posterity. Here's how you're at RISK.
----- STEPPING ON SOAPBOX -----
Have you EVER signed up for an account anywhere online (including signing up for affiliate programs and article directories)? Maybe one or two? Or 200?
Well, if even ONE of those sites gets compromised, it may or may not be a big deal, right?
Right.
UNLESS you’re using the same exact email address, username and password on other sites.
If so, you could be in for a world of hurt. That hacker can now use automated software to keep trying that username & password on other sites – where you may also have accounts.
Perhaps you have credit card info stored, your Social Security number, important business contacts, or an established social media presence (like your Twitter account).
They can now lock you out of your own accounts and, at least with Gmail, it's VERY difficult to get an account back. Plus, if they get your Gmail account, they'll also likely get your YouTube account if the two are connected. (Another reason to back up your YouTube videos.)
So, if this person hits those other accounts, you could lose money, have your identity stolen, turn off a bunch of your best fans, and ruin your reputation overnight.
And, you may not even realize that the first site has been hacked until after the damage has been done.
----- STEPPING OFF SOAPBOX -----
That’s the bad news.
The good news is that it’s mostly preventable.
I’ve already shared my thoughts on the importance of password safety above. (To sum up: It’s important!)
“But, Nik”, you’re thinking, “how do you manage all of those passwords? It sounds like a lot of hassle to have a different password for every site!”
Well, I’ll tell you. I use a tool to handle it all for me, of course. Otherwise, it would be a mess.
I’ve used a few different password management tools over the years and they’ve all worked well, to an extent, but they’d only help so much.
Essentially, we usually have four pieces of data required for each account:
- login page
- username
- password
and if any of those four pieces of info was missing and I had to look it up, it would eat up my time.
The biggest problem for me was the time involved in each step. Let’s say I’d get an email that said “You need to log in and update your PayPal info to get paid on your affiliate commissions….” but it didn’t say where or how. That’s when the trouble started.
First, I’d have to track down the login pages. (WHY do people hide them so well?)
Then figure out my usernames. (Which are often different.)
If I couldn’t guess my username, I’d try to recover it.
But, if I didn’t remember which email address I’d used, I was stuck.
And, that’s all before I got to the password part of things.
So, I’d get very frustrated. And it wouldn’t take much, because, as my husband says, I have the attention span of a gnat. So anything that I am stuck on for longer than about a half a second feels like an hour. (It’s not pretty.)
The tool I ended up choosing (and have used for a while) is Roboform. I was using a free program, but it actually got corrupted and is now unreliable, or I’d recommend that one, too, even though it isn’t as powerful.
I recorded a free video that you’re welcome to watch to learn more about how Roboform works, and to see it in action on my computer. While it isn’t perfect, it’s good. (I’d be lying if I said any program is perfect.)
Here’s the video and there’s my referral link under it to try Roboform free –
If this tool looks like something that can help you in your business, here’s the link to try it…
Please share your suggestions for managing your passwords below. I’m always open to alternatives.
Warmly,
Nicole Dean
PS. If you’d like to learn more about online business safety, I have created a short ebook about keeping your business safe.
You can check it out here if you’d like:
Julia
November 29, 2011 at 2:26 pm
Hi Nicole,
Thanks for the great post – I used Roboform for years, but being on a Mac now, I really was in trouble. But now they have Roboform Everywhere, which seems to be the solution I need, as I switch computers and OS very often…
Greetings from Germany,
Julia
Gary Anderson II
November 29, 2011 at 2:32 pm
Thanks for this EXTREMELY important post Nicole! (umm, I think). I’m skeeert now! 😛
I also used the same password for “many” of my accounts that I considered “Not Critical” (bank accts, PayPal etc.). Well, guess what?
Twitter “WAS” one of those accounts using the same password and it got Hacked! YIKES! But luckily the hacker used “My Twitter Name” only for a couple Links that they wanted spread out. They didn’t change my settings. I didn’t know until a friend told me…
So luckily I was able to change the password and save my Twitter account. YAY! 🙂
As far as My Suggestions:
For Mac-Users… I use “1PassWord”. It is a fantastic Password app for Macintosh, iPhones and iPads as well.
Thanks again.. although I feel kinda skeeert cause I’ve not changed “all” 9 million passwords yet 😛
Gary Anderson II
aka- @GanderCo
Holly Ralston-Oyler
November 29, 2011 at 3:20 pm
Nicole,
Thank you so much for the reminder. When I started in the IM world Dr. Jeanette Cates introduced me to RoboForm. It is a great tool to use.
Holly
Loretta
November 29, 2011 at 2:21 pm
Roboform is a lifesaver!
William
November 29, 2011 at 2:29 pm
Great Article Nicole. I started using Roboform about a year ago, and that is when I also started making my passwords 12 to 15 letters, numbers and symbols long. I just feel a whole lot safer. It’s so easy to remember just one password. Hopefully, everyone reading this will follow your advice. Like you said, nothing is perfect, but this is way better than what I had before.
Marya
November 29, 2011 at 2:57 pm
Hey Nicole, Is Roboform *supposed* to show the actual password for each site when you click on its listing in the Editor box? <:?
Nicole
November 29, 2011 at 3:05 pm
You can click on the little asterisk on the side (next to the password) and it will turn the password into asterisks and hide the text. 🙂
Marya
November 29, 2011 at 3:09 pm
Cool! Thanks, Nicole 🙂
Lynette Chandler
November 29, 2011 at 3:12 pm
You know what is strange? I wrote to our email subscriber friends about creating a good strong password that’s easy for humans and still strong.
Anyhow, there are lots of posts about security on our blog and one of the things that we try to impress upon readers is to avoid typing in your passwords as much as possible because sometimes you could run into a situation where keyloggers are maliciously installed. Keystroke loggers record **every single key** you press. That’s why systems like RoboForm, LastPass, 1Password help in one way.
Rozlyn Warren
November 29, 2011 at 4:31 pm
Hi, Nicole,
How would I easily give a VA these crazy passwords so she can work in my programs?
Thanks!
Edie Dykeman
November 29, 2011 at 7:30 pm
Roboform has really helped me out this past year, although I do know I still have accounts that need to have their passwords upgraded. Thanks for this strong reminder!
Jenny Dunham
November 29, 2011 at 7:03 pm
Thanks so much for sharing this, Nicole. It reminded me that there were some security features I had been putting off adding to my blog. I went and added them immediately.
It’s hard to keep up with all the passwords though. I use LastPass and also have an offline index card system. Hopefully, between the two of them, I can keep on top of everything.
Ruth
November 30, 2011 at 2:21 am
Thanks Nicole for reminding me again about this important topic. I’m getting roboform straight away.
Raj
November 30, 2011 at 3:01 am
This is something that I have not yet come to terms with. I lose a lot of passwords, then reset them via email and then have to use certain services! I guess a biometric integration that many laptops have is a very good service. It creates additional work, as one can have a unique password for every site and that password is stored in the biometric management system. It comes only when we swipe our fingers on the reader.
I had it in my old laptop, but don’t have it in my current laptop!
Melissa Ingold
November 30, 2011 at 3:57 pm
This is such an important topic. But even if you use a unique password for everything, you can still be hacked. All it takes is for them to get access to your email account, like gmail, and use it to have a password reminder sent to that email address, then all they have to do is reset the password and login.
The dumb thing about gmail is you get locked out of your account, but then you do the password reset and it wants to send the email to your gmail account – uh, how do they expect you to get the password reset email when you can’t login in the first place?
I think the big companies need to step up their game when it comes to that simple “password reset” option, and provide other alternatives – like you have to call in from the phone number listed on your account or by using the IP address it captured when you signed up for your account. So if someone hacked into your email account and changed your password and security question, you would still have other ways to get back into your account. I know gmail has the 2 step verification, but most people haven’t bothered to turn that on, and that’s a big mistake.
Anyway, I just wanted to point out that it doesn’t always matter if you use a different password for everything online – sometimes you have to be very careful with your email address too because they can just reset the passwords for everything by having access to your email account.
Gary Anderson II
December 3, 2011 at 1:03 am
Hi Melissa.
YUP! I have experienced the Google acct problem before. The all-mighty, all knowing, smarter than anything Big-G couldn’t help me. So, still to this day I have no access to that account.
But Hey, they found a solution…. Now, they want your mobile phone # to create an acct. I do that, but I don’t like it too well.
I guess that’s just one of those things in life that you have to understand and accept the risk, but then keep on keeping on. 😛
Gary.
DeAnna Troupe
November 30, 2011 at 5:06 pm
I guess I have some work to do. I was using an online service called passwordsafe to manage my passwords and then I got lazy and just started using the same password everywhere. This post is kind of a wake up call for me.
Jeff Wise
November 30, 2011 at 8:19 pm
Thank you for this very timely post! I’m getting to the point where I have way too many passwords and usernames to keep track of.
Even making secure pw’s and usernames writing them down is a hassle.
Cliff
December 1, 2011 at 10:44 am
Nicole – such an important post!
I’ve been using Roboform for a couple of years now, and can’t imagine doing without it. I especially like having to memorize only “one” very strong password to access my Roboform password library. Over time we end up with literally hundreds of different passwords, and there’s no way to remember them all – that’s where the lazy part creeps in.
Great tip – thanks again,
Cliff
Marketing Strategies
December 1, 2011 at 10:07 am
Thanks, Nicole. My wife has been hammering me also about this, so I need to go change some passwords and usernames. I use a program called StickyPassword. There is also an equivalent free one called KeePass.
Nina
December 1, 2011 at 11:13 pm
Great article. I use LastPass.com for my passwords. I have Google Business account to protect my password. One needs to lock domains, GoDaddy offers some security.
I have been online since 1994 and have never had any issues.
Marketing Strategies
January 12, 2012 at 6:45 pm
Having your passwords on a website server is very dangerous. Assume there is no security on the Internet.
KeePass is a free downloadable program (open source) where the passwords are kept secure on your local computer. You are also able to use a flash drive making it portable and backed up.