Is it a bad idea to have a different username and password for everything?

[Sweet Dreams 1,892]

I have the name RAWR.cat on a lot of sites.

And my password is always the same. I think having the same password and username is useful for remembering, but you could always just write all the usernames and passwords down so you remember, or use one of the apps you can get where you store notes and stuff and need to put in a password to access them, if you wanna be safe.

[ChoroChii 284]

As long as you can remember them all, it's good to have different passwords in case of hackers and I don't know, different usernames is pretty creative and I guess could prevent stalkers.

[Untitled Goose Q 5,136]

As said before, having different usernames does add an extra level of security, but one that is probably not going to be necessary.

 

As for passwords though... I use the same password or variant on most things, the things I don't really mind if they get hacked. But for the important things, (email etc), I use entirely different passwords.

 

Of course, if someone should gain access to your email... Usernames and passwords matter very little.

[Appleloosa 90]

I'd normally say yes, it's good. I don't because I have some delusional image in my head that I'll be some kind of famous gamer one day, so every account I have is some variation of "ditzy Doo" my passwords vary though.

[Legacy Dash 438]

I have a single username, which I got when I was about 9 - when signing up for Cartoon Network, which I have kept to this day.

 

Passwords, I have one or two, which probably isn't the best idea, but I be sure to make it a complicated one. Still don't recommend having one password though. When you are as forgetful as me though, you'll probably want only a few passwords - or an program to store all your passwords.

[RubyVesper 100]

I actually use the same password for everything, but it doesn't get hacked. Why? Because it would take 25000 years to do so... It's quite strong. I just make sure I've got the password memorised forever, seeing as I did not want to write it down in any way, shape or form, so that there is no chance a hacker could do a workaround.

[Winona the Dog 1,981]

I have different names and passwords for everything, but I have a written record of everything for the sites I use just in case I forget. That way my chances of being hacked are low and I can always look up my forgotten accounts in case I forget them.

[Celtore 2,769]

Security wise, this is the ideal thing to do so hackers don't have your master password... But I have a few issues with this mentality.

 

To achieve what practically every IT person wants you to do, you need to memorize an 8 character password with symbols, letters, caps and numbers for possibly over 8 unique sites. You could use some software to manage your passwords on your home computer, sure, but what if you need access to your email at the library? Can you remember which garble password you need? A computer program certainly could at any rate if you give it enough time. (Likely less than a week, significantly less if it's a local file being broken.)

 

As long as your password isnt something really obvious and it has a decent or even crazy length, that should really suffice. Passwords are just inherently flawed in general...

Edited November 11, 2013 by Celtore

[joeyh3 153]

I generally use a different password for almost everything. Most of the time I use randomly generated, long passwords (30+ characters) that I randomly generate and keep track of using a password manager (KeePass 2).

 

The only exceptions are sites where I don't intend on returning to them, such as sites that require registration to read an article or download a file or something. Generally I just use a short password and a temp email address (mailinator) to create accounts on those sites, and keep track of nothing, as they're not worth the effort to even open KeePass, and I don't want my email accounts being spammed.

 

As for usernames, I have a few that I go by, depending on the context of the site (personal, professional, work, etc). I really don't see the purpose of having different usernames though - those are usually public information, and a lot of sites use your email address instead of username for authentication anymore, so even if someone doesn't know what username you use on a particular site, if they know your email address, they can probably use that instead.

 

 

I actually use the same password for everything, but it doesn't get hacked. Why? Because it would take 25000 years to do so... It's quite strong. I just make sure I've got the password memorised forever, seeing as I did not want to write it down in any way, shape or form, so that there is no chance a hacker could do a workaround.

 

You may think that, but unfortunately, you are horribly, horribly wrong. Having a long password is great, as that makes it significantly more difficult (if not impossible) to brute force an attack, but even with a long, strong password, reusing it on multiple sites is still a very dangerous idea.

 

Why? Because the password is only half of the security. The other half is how the site stores the password. Ideally, a site will be salting the password (adding random characters to it) and encrypting it with something like Blowfish/Bcrypt, which is very CPU intense compared to other encryption methods, making decryption of the password realistically impossible.

 

However, not all sites follow good security practice. A lot of sites encrypt passwords using a very weak hashing method (such as MD5), and some sites don't even encrypt your password at all, instead just storing them in plain text in the database. And if a programmer stores a password in plain text, that likely means that they aren't too good with security, so I'd imagine that such a site would be easily susceptible to stuff like SQL inection attacks.

 

So imagine you use the same email and password to sign up for ten sites. The first nine sites use BCRYPT and a password salt, and all database queries are "prepared statements" (prevents injection attacks) - ain't no one ever getting your password from those sites, it's safe.

 

Now imagine the tenth site was made by an idiot. The passwords are stored in the database in plain text, and the database queries are not sterilized/protected from injection. Some attacker comes along, executes an injection attack, and guess what - they have your password, and can get into your account on the first nine sites.

 

Oh, and that's just the start of it! If they get both your email address and a password from a website, you wanna know what the first thing they're going to do is? They're going to go to whatever email host you use, and see if the password they got lets them into your email account. If it does, they can see all the other sites you signed up for. Even if you used different passwords on those sites, they can simply use the "forget password" link on those sites, and have a reset sent to the email account they just compromised. Your bank accounts, online shopping accounts, Skype account, forums, online games, everything now belong to someone else, because you kept using the same password over and over, and entrusted an idiot webmaster with your password.

 

Did I scare you? Good. Now quit using the same on multiple sites.

Edited November 11, 2013 by joeyh3

[Bunches 81]

I think it's fine... it's just a lot you will have to remember. I have many different passwords & things so I keep them written down in a book.

[LastChanceConnor 25]

Like others have said, it depends on your ability to recall the information for your log-in. I have six different passwords for nine websites.

Edited March 29, 2020 by LastChanceConnor

[Oblivion 20,265]

I mean it's a good thing to do except the fact that I always FORGET so I always try to keep everything uniform. 

[Lucky Bolt 34,914]

It's actually a really good security thing. 

[Splashee 28,537]

My password is often "Gorilla" with different upper and lower case letters. It is good for security to have different passwords on different sites, but when you can't, a variation is definitely still needed! Think about your security! <3

[EpicEnergy 22,054]

I think it's a good idea, just as long as you have a way keep up with all of them.

[Stone Cold Steve Jobs 22,410]

It’s more secure to use different passwords and to change them regularly. You should incorporate numbers and symbols as well and avoid any predictable entries. However the more complex your password the more difficult it can be to remember. How you store them is up to you but it’s important to stay safe. 

[Venomous 18,813]

From what I’ve heard, it is actually a good idea to have different usernames and passwords for every website you join. It helps decrease the chance if your information being stolen or something.

[Splashee 28,537]

I always put my complicated passwords on a note and tape it to the monitor, so I will remember them

[Bastian 13,319]

It would be safer to have different and complicated passwords but how would you remember them? I had to change my google account password because I forgot it! Since then I take screenshots.

[Jesse Terrence 2,963]

Depends. Securitywise, it is highly recommended, given you won't be losing everything if you get phished or hacked. Practicalwise, that's one hay of a nightmare.

[applesjck 5,601]

Security wise, yes it’s recommended. Although, if you don’t write everything down there’s a chance you might mix the users/passwords up! 

[Early Sunsets 2,106]

I used to just use the same password for everything, but in recent months I've changed everything and I have all my passwords and such written down and hidden. Using random letters and numbers is a bonus.

[ToastedScone 378]

I have different usernames depending on fandom (ToastedScone is ONLY used for pony stuff), but they usually involve scones in some way no matter where I am. That, or they involve Waver Velvet; my passwords are ALWAYS different, though!

[CypherHoof 26,479]

I have a different password for everything, but only a limited number of usernames; they are usually my birthname, unless the site is one where a persona is expected (such as my ponysona here)

[Xoomy228 418]

It depends. If you want an unified identity across certain platforms it can be good to have a shared username. If you want more anonymity it's better to have different names.
If you ever wonder how people find nasty things about somebody it's usually they have certain usernames, email names etc common across many services which can be easily traced back by basically a google (or whatever search engine) search.

Changing up passwords is a good idea. Ideally you have different passwords, you stop auto logins and store those passwords on a piece of paper. I may be old school in that regard.