Thursday, February 23, 2012

Passwords: Don't use just one!

A headline this morning caught my attention while scanning the BBC-UK news. It talked about a problem at a very popular website. Because of sloppy security, the server on which they store visitors' emails and passwords was attacked and many thousands of email/password combinations were stolen. The article notes that for those who use the same password for all their sites, this could be a serious problem.

The article offers this good advice: "If you’re still using the same password on multiple sites, this rather embarrassing lesson should act as a warning," said Graham Cluley, senior technology consultant at Sophos. "When users sign up for an online account, they have very little guarantee about the protection of their account information. It’s therefore essential that users use different, hard-to-guess passwords for every online account so that if their details are published online, hackers can’t use them to access other sites where they may be able to cause considerable financial damage."

Please tell me you don't use the same password everywhere! Apparently, based on the article, a good number of people do. Is the password you use for your online banking, Amazon shopping, and Google mail the same? OMG! Are you stupid?

A favorite tactic of scammers is to get an email address and one or more associated passwords. Then, using fairly simple programming, they start using the combination to try logging into places where they can make purchases or withdraw money. It is a numbers game. It costs the scammers almost nothing to check thousands of passwords against thousands of secured web sites, so even if 1/10 of 1% of people are stupid enough to use the same passwords, they can access lots of money.

When creating a password, consider whether the site you are accessing can ever involve a transfer of funds. If so, you need a secure, unique password. For other sites, you might be safe using a "throw-away" password that you wouldn't mind losing. Think carefully about which kind of site you are dealing with and act accordingly. Never use an important password twice.
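As an added example (not part of the original post), this Python script applies the rule above to a password-manager export: it groups accounts that share a password and marks the reuse as a violation whenever one of the sites involves money. The CSV column names, the `handles_money` flag and the sample rows are constructed assumptions.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; the columns and "handles_money" flag are assumptions.
SAMPLE_EXPORT = """site,username,password,handles_money
bank.example,pat@example.com,Tr0ub4dor&3,yes
shop.example,pat@example.com,Tr0ub4dor&3,yes
forum.example,pat@example.com,letmein-forum,no
news.example,pat@example.com,letmein-forum,no
mail.example,pat@example.com,c0rrect-h0rse-77,no
"""

def fingerprint(password: str) -> str:
    """Short digest used only to group identical passwords without printing them."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]

def audit_reuse(export_text: str):
    """Return one finding per password that is used on more than one site."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        money = row["handles_money"].strip().lower() == "yes"
        groups[fingerprint(row["password"])].append((row["site"], money))

    findings = []
    for fp, entries in groups.items():
        if len(entries) < 2:
            continue  # unique password: nothing to report
        important = sorted(site for site, money in entries if money)
        findings.append({
            "fingerprint": fp,
            "sites": sorted(site for site, _ in entries),
            "important": important,
            # Reuse is tolerated only among sites that never move money.
            "severity": "violation" if important else "throw-away",
        })
    # Violations first, then a stable order by site names.
    findings.sort(key=lambda f: (f["severity"] != "violation", f["sites"]))
    return findings

if __name__ == "__main__":
    for f in audit_reuse(SAMPLE_EXPORT):
        print(f"{f['severity']:10} {f['fingerprint']} {', '.join(f['sites'])}")
```

Run it only on a local copy of the export and delete that copy afterwards, since the file holds every password in plaintext.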

Don't be stupid!