About This Blog

This blog is a place to read more about Mitto, our free online password manager, and how to more effectively use our service.  We highlight many of our benefits, and we also discuss topics related to password management. It is usually updated weekly.

Monday, Jun 21, 2010

Using different passwords for all of your websites: a medical analogy

Recently, while watching an episode of the medical TV series Grey’s Anatomy with some friends, one of my friends asked me why it was so important to use different passwords for every website. Since the friend was in the medical profession, and we were watching a show about surgeons, I thought, let’s make an attempt at a medical analogy. The conversation went something like this:

Me:
Would you want a surgeon to use the same exact bandages from one patient to another? I mean the same exact piece of cloth.

Friend:
Probably not

Me:
Why not?

Friend:
Well because they might be dirty or infected?

Me:
Why is that a bad thing?

Friend:
One patient could get another patient sick?

Me:
What if the doctor is really careful? Say they check to make sure there is no disease on the bandages?

Friend:
It still seems like a better idea to use new, different bandages on every patient.

Me:
Well, it’s the same with passwords and websites. Think of your passwords as the bandages, and your websites as the patients. When you use the same passwords [bandages] on all your websites [patients], if one website [patient] is compromised [sick], then all the other websites [patients] are at risk as well because you are using the same password [bandage].  Let’s extend this a bit. When someone in the hospital gets a highly contagious sickness, what do you do?

Friend:
We isolate them and take extra precautions so that the sickness doesn’t spread to anyone else.

Me:
So you are isolating the patient so that they can’t get other patients sick, correct?

Friend:
Yes.

Me:
Well, when you use different passwords, that’s what you are doing as well, isolating potential problems. You see, whether someone gets your password from looking over your shoulder while you type, or they get your password because they steal it from a site that doesn’t protect your information, the outcome to you is the same. If you use the same password on all of your sites, someone who has access to the password for one site has access to all of your sites. This is why you should use different passwords for each of your sites.

Friend:
Ok, that makes sense. But then how is putting all my passwords in one place, like in Mitto, safer?

Me:
That’s a great question. So when surgeons prepare for surgery, what do they do to protect a patient from getting an infection?

Friend:
They scrub in.

Me:
So they wash their hands. What else?

Friend:
They wear gloves, protective masks, and head coverings.

Me:
And?

Friend:
They use sterile equipment, they prep the area on the patient where the surgery will happen.

Me:
And.

Friend:
They work in a sterile operating room. You know, a number of other things.

Me:
So they do a number of things?

Friend:
Yes.

Me:
Why not just wash their hands?

Friend:
That’s not necessarily enough.

Me:
Exactly. They go through a number of steps to protect the patient, and the same is true with Mitto. To access a Mitto account, a person always needs to go through at least two layers of protection. If someone gets your Mitto password, that’s not enough for them to access your account. They’re going to need to also enter a unique code which is sent to your cell phone, answer additional security questions, or have access to your remembered private computer. There are several security steps taken to protect your information.

Friend:
OK. That does make it more difficult to gain access to my Mitto account. But if someone got my password, and also got a hold of my cell phone, they could get into my account, right? I mean, the extra steps are still potentially beatable?

Me:
Yes. But let me ask you this: if given the choice to have an operation in an operating room where multiple protections were in place or in just a room that was just cleaned, which would you choose?

Friend:
The operating room.

Me:
As would I, since they take a number of steps to protect me as a patient from getting an infection. As far as it goes in the online world, there is no one thing alone that provides sufficient security for your passwords, and so the best way to protect them is securing them with many layers of protection. That’s what Mitto does for you and your passwords.

Friend:
OK, so I can see now why it makes sense to use different passwords. Before Mitto, there is no way I would have been able to do that AND remember them all.

Me:
Great! Just make sure that you never use your Mitto password for anything else.