
Why Should You Avoid Password Reuse?



We’ve discussed elsewhere how password complexity is fairly moot. So long as the application doesn’t allow your adversaries to make too many attempts at guessing your password, you’re reasonably safe.

The real issue that people are trying to solve with strong passwords is the risk that they will be compromised. Companies like LinkedIn get hacked and all of their stored passwords are stolen. In most cases they’ve been smart enough to hash and salt these passwords, but weak passwords can be recovered anyway. If you’re using a dictionary word, or anything fairly simple, an adversary can simply hash each candidate password with the stored salt, compare the result against the stolen hash, and figure out what you’re using for a password.

But why do you care? The bad guy is already on your account. You can assume that they’ve read your private emails, downloaded your images, whatever. Sure, the damage on that particular site is done. However, more danger is to come. Bad guys intend to use that same password on other sites that they HAVEN’T hacked.

The analogy with physical locks breaks down here a bit, but imagine if it were possible to reverse-engineer and recreate your physical key by breaking into your lock. You’d be very wary of sharing the same key across different locks, right? Some locks are inherently less secure than others, both in their accessibility (like the lock that you use on your bike and leave in an isolated location) and in their implementation (those silly luggage padlocks). In that bizarro-world, once someone had the opportunity to crack your bicycle lock, they’d have access to your home, and your car, and your safe deposit box. But that’s precisely the position most people put themselves into on the Internet.

That is the real vulnerability of passwords – their reuse. Some web applications are not very good about keeping your password secure. Having a strong password can (possibly) help keep your individual password safe on these occasions, but even that’s not guaranteed. Unique passwords ensure that your other applications are still safe even when one application is compromised.
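The following audit is an added example, not code from the original post or from JumpCloud. It illustrates both points above: a salted hash does not protect a dictionary password, and a unique password keeps a second site safe when the first is breached. The user names, wordlist, site stores and the low iteration count are constructed for the demonstration.

```python
import hashlib, hmac, os, secrets

ITERATIONS = 1_000  # assumption: kept low so the demo runs quickly; real stores use far more

def hash_password(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, record):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def audit_store(store, wordlist):
    """Return {user: word} for accounts whose stored hash matches a wordlist entry."""
    weak = {}
    for user, record in store.items():
        for word in wordlist:
            if verify(word, record):
                weak[user] = word
                break
    return weak

def exposed_elsewhere(weak, other_store):
    """Users whose wordlist-matched password also verifies on a second site."""
    return sorted(u for u, pw in weak.items()
                  if u in other_store and verify(pw, other_store[u]))

# Constructed sample data: two sites, three users, a tiny wordlist.
WORDLIST = ["password", "sunshine", "letmein", "dragon"]
SITE_A = {"alice": hash_password("sunshine"),                 # weak, reused on site B
          "bob": hash_password("dragon"),                     # weak, unique to site A
          "carol": hash_password(secrets.token_urlsafe(16))}  # random and unique
SITE_B = {"alice": hash_password("sunshine"),
          "bob": hash_password(secrets.token_urlsafe(16)),
          "carol": hash_password(secrets.token_urlsafe(16))}

if __name__ == "__main__":
    weak = audit_store(SITE_A, WORDLIST)
    print("matched the wordlist on site A:", sorted(weak))
    print("same password also valid on site B:", exposed_elsewhere(weak, SITE_B))
```

Alice and Bob both match the wordlist despite per-user salts, but only Alice, who reused her password, is also exposed on the second site.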

Avoid Password Reuse With JumpCloud®

If you would like to put these password safety approaches into use, try the Directory-as-a-Service® platform from JumpCloud. We have a number of core password security mechanisms that you can try with your team, including controls for password rotation, reuse, and complexity. We are also big proponents of multi-factor authentication, which dramatically changes the game of password security.

