We all have long and unique passwords for all of our internet accounts, right? Not according to the list of the most common passwords for 2018, with “123456” and “password” topping the list. Sure, some of those might be old accounts that aren’t important. Or are they?
Aside from the password to your password manager, your email password is the most important password that you have; more important than your bank and financial account passwords. If you are going to have one really good password, use it for your email account (although all of your passwords should be strong). The reason is simple: all of your accounts are linked to your email. If you got locked out of your Amazon account, how would you get back in? A password reset sent to your email. What about iTunes, Dropbox, or even your bank? You might even have business email accounts that use your personal email address as a password recovery option, compromising the security of your company.
Besides password resets, when you stop to think about what is in your email account, it might not seem like much. Unless hackers are interested in letters to your spouse or what you ordered on Amazon, it’s all harmless. Unfortunately, this is not the case. There is a trove of information tangled in your emails. Have you ever sent or received a file with your social security number on it (maybe a loan application or credit report)? How about your bank account or credit card number? Even if you have been diligent about keeping “sensitive” information out of your inbox, there’s likely information that hackers will find useful.
Social engineering is the practice of gaining access to accounts using information gathered about the owner. For example, most internet accounts use security questions that can be used to reset or bypass your password. Some examples of these questions are “first pet’s name”, “mother’s maiden name”, and “city where you got engaged”. While an email to your friend about your new pet might seem innocuous, it could be a piece of the puzzle that allows hackers to gain access to your accounts.
This information isn’t only in your email account. Think about what you have posted publicly on Facebook, Instagram, or Twitter, not only recently, but also when you were younger and blissfully unaware of internet security threats.
This is why security experts recommend using fake answers to security questions. Fake answers can be difficult to keep track of in the same way that good passwords are. Password managers, such as 1Password, make keeping track of good passwords and fake answers to security questions easy and secure. Just don’t use “123456” for your 1Password.