As I logged into my NCAA tournament bracket today (I am tied for first, BTW), I was struck by the fact that my username and password for that login matched my username and login for an account at work.

So then I wondered: does the company hosting my bracket protect my login credentials with the same rigor as I would protect login information for a corporate account?  The honest answer was: probably not.

Password diversity is a part of password complexity that is often overlooked.  I think we all find a password we like and then stick with it or variations of it over time.  I am currently on mypassword24 on one of my accounts simply because I can easily remember it, can type it reliably and am not go-getter enough to think of a new password.

The problem with a lack of password diversity is that once one account is breached, all of your accounts are breached or easy to breach if you are using the same password or variations of the same password.

It’s a pain to remember all of the passwords one has anymore.  I have at least 15.  Having them all the same or similar simplifies the task of remembering them, but the risk is fairly monumental.  If someone compromises my tournament bracket password, do I want them to be able to easily guess my mutual fund password, online banking password or network login?  Not at all.

So, just after checking my Final Four picks I went through every login I have and chose different passwords.  Each is in some way tied to the application I am using so that I have a sort of mnemonic for remembering them, but each is sufficiently diverse that someone who gains access to one will not easily gain access to another.
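
To see how little protection "variations of the same password" give, here is an added example (not part of the original post) that audits a set of your own logins for shared stems. The function names, the substitution table and the sample credentials are all constructed for illustration; run something like this only locally, on your own password list.

```python
import re
from collections import defaultdict

# Character swaps people commonly use to "vary" a password (assumed list, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def base_form(password: str) -> str:
    """Reduce a password to the stem its owner is probably reusing."""
    p = password.lower()
    p = re.sub(r"[\d\W_]+$", "", p)   # trailing counters/symbols: mypassword24 -> mypassword
    p = re.sub(r"^[\d\W_]+", "", p)   # leading counters/symbols
    if not p:                         # nothing left (e.g. all digits): compare it as-is
        return password.lower()
    return p.translate(LEET)          # undo simple substitutions: p@ssw0rd -> password

def find_shared_stems(credentials: dict[str, str]) -> dict[str, list[str]]:
    """Map each reused stem to the accounts whose passwords reduce to it."""
    groups = defaultdict(list)
    for account, password in credentials.items():
        groups[base_form(password)].append(account)
    return {stem: sorted(accts) for stem, accts in groups.items() if len(accts) > 1}

# Constructed sample data: three variations of one password and one unrelated password.
SAMPLE = {
    "bracket site": "mypassword24",
    "work login": "MyPassword25!",
    "online banking": "myp@ssw0rd7",
    "mutual fund": "Tr3llis-Koala-91",
}

if __name__ == "__main__":
    for stem, accounts in find_shared_stems(SAMPLE).items():
        # Report only the affected accounts, never the passwords themselves.
        print(f"{len(accounts)} accounts share one stem: {', '.join(accounts)}")
```

Any group the audit reports is a set of accounts that fall together: whoever learns one of those passwords only has to try a handful of obvious variations to reach the rest.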