Privacy and Information Security | University of Illinois

Why You Should Use Different Passwords

Using the same password for all of your accounts is like having one key that unlocks every door in your life. It would be extremely unwise for a person to just rely on one key to unlock the doors to their home, their car, their office and their safety deposit box, because if that key were to get lost, it would simultaneously create multiple high-risk situations that need to be addressed quickly.

The same principle applies for when people reuse the same password for their email, their bank account, their credit cards, and their University of Illinois accounts. If you use the same login credentials across the Internet, then it won't take long for a savvy hacker to identify multiple places they can use your stolen password.

A different concern when reusing passwords is that a site with strong login security (e.g. your bank) might have its extra security measures rendered useless if you use the same login information on a web site with weaker security (e.g. a fantasy sports site or a cooking site). A hacker who has compromised the weaker site now has the correct credentials for your bank's web site. When you share login information on multiple web sites, even the best protected web sites become only as secure as the weakest site that uses the same login information

Therefore, it is crucial to use different passwords for different types of accounts. This doesn't mean every single account you have online needs its own password. You can reuse a password on web sites that can't cause you any harm. But if a web site is storing personal information, especially credit card or financial information, then it needs to have its own unique password. In addition, if you have any of the following types of accounts, you should use unique, strong passwords, for each:

  • Your email account
  • Your University accounts (particularly, your NetID)
  • Online bank account
  • Online credit card account
  • Online tax preparation accounts
  • Your social media accounts
  • Any account that stores personal data about you (home address, financial information, etc)
  • Any account that someone could post information in your name that would be damaging to your reputation