The massive login attack at the beginning of this year once again showed that passwords online are not necessarily secure. This problem is growing and everyone is vulnerable.
Without a password manager, it is almost impossible to use passwords securely online. Every website with bank level security, where we log in with a super strong password, is only as secure as the vulnerable cheap-tickets-websitewhere we have logged in with exactly the same password.
When the weakest link is hacked and the cheap-tickets-website data is obtained, the entire chain falls apart. Anyone can take your e-mail and passwords out of the rubble and then roll them in through the front door of another secure website.
This is extremely frustrating. Any hacker who makes a little effort can retrieve a huge list of stolen login data from data leaks. Then all he has to do is scan the list to find your email address, find passwords you've used before and try to log in to other sites right away. If you have reused the password on another website they can log in without any problems if you are.
What can you do?
As an internet user, you can do a lot to protect yourself online. You can start by using a password manager (such as Lastpass) for all your online accounts. You can use a free password breach notification service such as "Have I Been Pwned" for early warnings of data breaches that may reveal your personal information. And you can make sure that you use two-factor authentication (2FA) wherever it is available so that a broken password alone is not enough to log in.