Cybersecurity Myths – my password use does not matter
Even with the gradual increase in cybersecurity literacy amongst the masses, there are still some myths that people follow religiously, even Cybersecurity professionals. I will set out to bust some of those myths here. Many of the myths have come from companies advertising products as a “silver bullet” solution, some of the myths are because the world has changed and the advice is no longer valid. Cybersecurity myths can be spread by well-meaning people, but you need to consider them with a “pinch of salt”.
In this series of posts about cybersecurity myths, I reveal some common areas of belief, and what you need to do.
My password choice on other websites does not matter
Commonly, there is a belief that for discussion groups, non-essential apps, and subscriptions – that the strength of your password does not matter. This is actually where you need to be even more careful with your password choice.

When we choose a simple[r] password for something that we consider “unimportant”, this could leave us open to future threats. Most of the systems that you consider to be important, like your bank, email, social media, work, etc. will be well protected. Hackers may try, but the chances of these types of systems being compromised are low (not zero, but low enough to trust). However, these “unimportant” services are a prime target for hackers. A discussion board, an app that you registered for a discount for a single visit to a restaurant/hotel/venue etc., or your $0.99 subscription to an online service – all of these systems are a gold mine for the hackers. These types of organisation may not have the same levels of protection and cybersecurity focus, or may be outsourced to a company that outsources to another, each company cutting costs and not protecting your data as much as they should.
Source: xkcd: How Hacking Works

When these systems are attacked, the hacker may not even directly exploit the data they have gained, but instead sell databases on the Dark Web. These leaked account details will then be used by other hackers to try on other systems that are more “important”, and if you have used the same password or other credentials, then they are in and have full control! For systems where you have supplied payment or credit card information, then your finances are at risk.
The use of simple passwords can also be a vulnerability in itself, as this may allow a hacker to log in to your account and get other details about you. With databases of leaked passwords, it is shocking how simplistic many people’s passwords are. However, this also shows my main point that many people will deliberately use simple passwords on “unimportant” systems, but these are the systems that get hacked more often.
To protect yourself, don’t use simple passwords, no matter what the system is. Don’t re-use passwords – particularly between “important” and “unimportant” systems. And as always, keep your eyes open for unusual activity, unsolicited emails, unexpected account reset notifications, and new transactions.