Bad password hygiene
If you’re not using an account, you’re not going to remember to make sure it has a secure password. It’s already difficult enough to manage all the accounts you use regularly, so it’s understandable that you don’t think about updating those that are sitting there waiting to be cracked. This is a gold mine for hackers – especially if you make some of the most common password mistakes.
For instance, imagine that a cybercriminal is able to hack into a small online store and get customers’ personal information, including their credentials. The first thing they’re going to do is to try those passwords on lots of different websites and see if they’re lucky enough to crack into other online accounts you might have. If you have the bad habit of reusing passwords and skipping on two-factor authentication, hackers will be able to access several of your accounts. Of course, this offers them full access to your information, which they’ll use to steal from you directly or through spear-phishing attacks.
More likely to be affected by data breaches
Myspace was everything back in the 2000s. But when Facebook came along, people shifted to the new kid on the block. However, most users forgot to delete their Myspace accounts. Fast forward to 2016 when hackers attack Myspace, and over 360 million accounts created prior to 2013 are compromised. In short, profiles that weren’t being used for almost a decade were now being made available in an online hacker forum. Myspace is just one example – there are many more. The more accounts you have, the higher the chance for a hacker getting their hands on your information.
How to mitigate the risk of zombie accounts
The best way to protect yourself from the dangers of zombie accounts is to delete them. If you aren’t using them, you don’t need them. We highly recommend using a password manager to keep all your accounts in one place that you can easily access. Some password managers, like NordPass, sort passwords by the last time used, allowing you to quickly pinpoint older accounts.
But that only works going forward. What about those ghost accounts that you don’t even remember creating? Your best bet is to use a password manager that comes with reliable dark web monitoring, such as Dashlane. The software scans the dark web and warns you about any breached accounts associated with your email. This way, you can easily change the password for the affected account and then delete it.
Of course, you should always follow password best practices – even for accounts you regularly use. Reusing passwords is a big no-no, but you also need to consider your passwords’ length and complexity. After all, it takes a hacker less than 30 seconds to crack a password of five characters. Password managers are a big help, as they’re able to generate completely random passwords for you. For example, Keeper’s password generator creates passwords that go up to 51 characters and include letters, numbers, and symbols.
Still, making sure that all your accounts follow good password hygiene practices is challenging. That’s where a password audit comes into play. For instance, 1Password Watchtower goes over all stored credentials and warns you about any repeated or weak passwords, allowing you to swiftly update any account at risk of being hacked.
Daniel C.
Inês P.
User feedback