People who don't take password security seriously by forgetting or using weak passwords are as bad as drink drivers, ruining the lives of others with their negligence.

According to Sophos, the average person has 19 passwords to remember for their various apps, accounts and logins (although that sounds a little on the low side in our experience). So it’s somewhat understandable when they are occasionally forgotten.

Repeatedly forgetting or mislaying passwords, however, is entirely inexcusable.

Serial password offenders are the drink-drivers of the 21st Century

Every time your password is “forgotten” or lost or you use a weak password, all the data associated with that account is at risk. You may think you’re prepared for the loss of your own data (you’re not), but there’s also the question of all the other people’s information you hold.

Take your Gmail password for instance. A quick trawl through your inbox will tell a cyber criminal where you live, who you bank with, which other websites you are signed up to, and who your friends and contacts are. Using that information they will also be able to glean important details about your buddies – enough to start committing identity fraud.

The fundamental interconnectedness of online accounts means that carelessly losing or using one weak password could be sufficient for a determined hacker to empty your bank account, run up debts in your name and completely destroy your credit record. A process they can repeat on every contact in your inbox.

Just like drunk drivers ruin the lives of other around them, so too do people who fail to take responsibility for their passwords. And just like drivers who decide to have one drink too many, those individuals who are careless with their passwords choose to place others in danger.

Lost passwords = lost jobs

As the border between home and work life becomes more blurred, there’s a chance that people “losing” or using weak passwords are also placing their employers at risk. Because in our experience, people forget or use easy to guess passwords at work much more often than they do their Facebook login.

Armed with details of your work accounts, cyber criminals can defraud your employer and their customers. According to government figures, the average SME data breach costs £310,000. But if you consider the reputational damage caused by being hacked, it’s no stretch to believe your business could go bust.

Loss and use of weak work passwords should be a disciplinary matter. However, if your employer is compromised by your “poor memory” you deserve to be fired. Immediately.

No excuse

The good news is that technology has come to the rescue of people too lazy to remember or make complex passwords. Modern browsers like Google Chrome can store login details securely.

But for comprehensive protection across websites and mobile apps, tools like LastPass can manage and generate all of your passwords. For just a few pounds these services will store and encrypt your login details, protected using a single “master” password. So instead of having to memorise 19+ passwords, you just need the one.

Which is well within the capabilities of everyone except the laziest, most careless user. So there’s no excuse for jeopardising the lives and livelihoods of the people you know. Unless you really don’t care.

One last thing - a password isn’t enough

No matter how many upper and lower case letters you squeeze into your password, modern computers are capable of breaking them. That ‘!’ on the end isn’t fooling anyone.

Instead, you should setup 2 factor or 2 step authentication on every account that supports it (like Gmail). As well as your password you will need to enter a PIN code before you can access the system. The clever part is that the code is sent via text message to your phone after you enter the correct password. So unless a hacker has stolen your phone, they can’t access your account even if they do manage to steal your password.

Which is pretty neat.

For more help and advice on sorting out your password problems to better protect your friends and employer, please get in touch.