
The Parable of the Busy Business Owner
– OR –
The Easiest Way To Get Hacked

Once upon a time, there was a busy business owner named Mike. He was getting frustrated with all these accounts and passwords he had to use for his business.

He had them written down in notebooks and sticky notes all over the place, but it was still taking so much time to remember and track them all.

One day, he decided he would just create a single password he could use everywhere. But he would make sure the password was long enough and tricky enough it would be impossible for any human or computer to ever guess.

His life became so much easier now that he only had one “secure” password to remember.

One day the business owner saw an irresistible advertisement for a new investment strategy that would help him double his returns.

He quickly made the purchase then created an account on the training course website. He completed the training, his investments grew and all was well… So he thought.

Years went by. Then one day he logged in to his email and found hundreds of bounced email notifications for messages that he never sent. It was clear he had been hacked and someone was using his email account to send thousands of spam messages to unsuspecting victims.

“How could this happen?!” he wondered. “After all, no one could ever guess my password in a million years,” he thought.

He was right. But the hackers did not actually need to guess his password.

All those years ago when he signed up for that training course, he signed up with the same email address and the same rock-solid, hard-to-guess password he always used for all his systems.

That website for the investment training course got hacked, and it turned out they had not encrypted any of their account information. So all of the email addresses and passwords were easily readable and right there for the taking.

The hackers took those email addresses and began attempting to log in to all the email servers using the corresponding passwords they found on that training site.

It was just a matter of time before they discovered that the busy business owner’s super secret, impossible-to-guess password also worked for his email account.

And it gets worse for poor Mike. Once the hackers gained access to his email account, they began to reset other passwords and access all of his other accounts at his bank, 401k, web hosting, etc.

This was indeed a terrible day for our friend the busy business owner. It took him many months and thousands of dollars to reclaim his accounts, recover lost funds, and resolve countless identity theft issues.

The moral of the story is – always use different passwords for every single system and never, ever, ever use your email password anywhere else.

Tips for Safe Password Management

  1. Generate different and completely random passwords or passphrases for every single account. Tools like XKPasswd and GeneratePasswords.org can help you create strong passwords quickly.
  2. Use password management software like KeePass (Free, Trusted, Open Source) to safely store all the random passwords. Secure this software with a super secret, hard-to-guess password and never reuse it anywhere else.
  3. Enable 2FA (two-factor authentication) for all systems that support it. Avoid using email as the second method whenever possible. This will protect you in case of an email security breach.
  4. Do not send passwords in email. You should consider email messages as public. You have no control over how safely the messages are transmitted, logged, and stored. If you must share access credentials with another person, use a tool like Password Pusher to send passwords securely.
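The moral above (never share a password between accounts, and above all never reuse the email password) can be checked mechanically once everything lives in a password manager. The script below is an added example, not code from this post or from KeePass: it audits a constructed password-manager CSV export (assumed columns: title, username, password), lists which accounts share a password, and flags any account that shares the email account's password. It reports account names only, never the passwords themselves.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the shape of a password-manager CSV export
# (assumed columns: title, username, password). All values are made up.
SAMPLE_EXPORT = """title,username,password
Email,mike@example.com,Tr0ub4dor&3-Correct-Horse
Investment Training,mike@example.com,Tr0ub4dor&3-Correct-Horse
Bank,mike@example.com,kq7!Lm2#vbP9zR4w
Web Hosting,mike,Tr0ub4dor&3-Correct-Horse
401k,mike@example.com,Z8m$wq1!pLx3Nf5e
"""


def load_entries(csv_text):
    """Parse the export into a list of (title, username, password) tuples."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [(r["title"], r["username"], r["password"]) for r in reader]


def find_reuse(entries):
    """Group account titles by password and keep only groups with reuse."""
    by_password = defaultdict(list)
    for title, _user, password in entries:
        by_password[password].append(title)
    return {pw: titles for pw, titles in by_password.items() if len(titles) > 1}


def email_password_shared_with(entries, email_title="Email"):
    """Return the other accounts that share the email account's password.
    This is exactly the exposure in the parable: a breach of any of them
    hands over the mailbox, and with it every password reset sent there."""
    email_pw = next(pw for title, _u, pw in entries if title == email_title)
    return sorted(t for t, _u, pw in entries if pw == email_pw and t != email_title)


def audit(csv_text):
    """Run both checks and return a report that names accounts, not secrets."""
    entries = load_entries(csv_text)
    reuse = find_reuse(entries)
    return {
        "accounts": len(entries),
        "reused_password_groups": sorted(sorted(v) for v in reuse.values()),
        "email_password_shared_with": email_password_shared_with(entries),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_EXPORT).items():
        print(f"{key}: {value}")
```

Run it against a real export on the machine holding the vault, then delete the export file; for the sample data it reports that Email, Investment Training and Web Hosting all share one password.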
