To a human being out to get you? Of course. To a person looking for low-hanging fruit to get into someone’s bank account? Less likely.
If it wasn’t a risk, then the advice to use different passwords on different sites wouldn’t be prudent advice.
That’s the point. The password schemes proposed in posts #52 and #40 are really weak variants of ‘just use the same password everywhere’.
But you can divide your passwords into equivalence classes.
In one class are all the sites where all that can happen is the hacker can log on to your identity, post a bunch of dumb stuff, play a game for free, or read your mom’s message about how her bunions are getting worse.
The consequences for any of this stuff are near-zero, and so you could re-use the same password for each of them.
All of this stuff is of no interest to a professional hacker, except to try that password on all of your consequential things.
So if you use the same password for the SDMB and your bank, and a hacker gets your SDMB password, the first thing he’s going to try to do is use that password on your bank. But he’s not going to re-try that password on Giraffe Boards and get you banned over there, and he’s not going to screw up your social media presence either, because he doesn’t want you to notice anything happened until weeks later when you’re going over your bank statement.
Each consequential password has to be different, so that if your bank password is hacked the hacker doesn’t get your credit card password or your retirement account password. But getting your Giraffe Board password along with your SDMB password is irrelevant.
That is exactly what I do. Banking and financial institutions get their own passwords. Other sites like message boards are of no concern to me. I don’t care if a hacker breaks into those.