Jun 10, 2013

Did you think using a password was enough to protect all your personal and financial information? Think again.


The primary reasons why passwords are a bad bet in the world of data security are:

  • Badly chosen combinations – Most people choose passwords which are combinations of phrases and numbers somehow related to their identities. This makes it easier to guess the password for anyone who has the relevant personal details. Even less secure passwords are frequently used, like names of characters, movies and TV shows!
  • Frequently forgotten or lost passwords – Those who go a step further and use complex character combinations as passwords often forget them, having to reset the codes time and again. It’s either highly inconvenient or open to interception when you keep resetting frequently used passwords.
  • Noted down in accessible locations – Creating strong passwords only to forget them is bad, but what is worse is noting down those passwords on a sticky note or the back of a flyer! You are just making it easier for someone with physical access to those to compromise your accounts.
  • Common passwords for multiple services – Using the same phrases or character combinations to secure accounts on multiple services like email, online banking, social networking sites etc. increases the chances of sensitive information being exposed, since one compromised account opens up all the rest. This tendency is almost universal, and the logic behind most passwords remains the same – abc123, 1a2b3c, 123abc, pqr456, p4q5r6 etc.
  • Interception using malware – Getting malware onto users’ machines, or onto unsecured local area networks (LANs), makes it possible for hackers to intercept what you type into password boxes via keyloggers and IP sniffing tools. This makes even the strongest passwords worthless.
  • Hacking of password database servers over the internet – In the past few years we have read reports of how servers of Sony PlayStation and other online services got hacked, followed by the public release or exploitation of customers’ financial information, leading to losses of several million dollars. Such large-scale compromises make any effort you put into securing your own account meaningless.
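Several of the weaknesses above (personal details in the password, pop-culture names, and the abc123 / 1a2b3c / pqr456 / p4q5r6 style of letter-and-digit sequences) can be caught at the moment a password is chosen. The check below is an added example, not code from the original post; the `COMMON_WORDS` list and the `personal_tokens` argument are constructed placeholders for what a real service would take from a breached-password list and the user's profile.

```python
"""Weak-password pattern check (added example, not part of the original post).
Flags the patterns listed above: personal details, character/movie names,
and the "abc123 / 1a2b3c / pqr456 / p4q5r6" letter-and-digit sequences."""
import string

LOWER = string.ascii_lowercase
DIGITS = string.digits

# Constructed sample of pop-culture words; a real deployment would use a
# large breached-password list instead.
COMMON_WORDS = {"batman", "gandalf", "skywalker", "simpsons", "password", "qwerty"}


def _is_run(s: str, alphabet: str) -> bool:
    """True if s is 3+ consecutive characters of `alphabet`, ascending or
    descending (abc, pqr, 456, cba, 321)."""
    if len(s) < 3:
        return False
    pos = [alphabet.find(c) for c in s]
    if min(pos) < 0:
        return False
    steps = {b - a for a, b in zip(pos, pos[1:])}
    return steps == {1} or steps == {-1}


def is_sequence_pattern(pw: str) -> bool:
    """True for passwords built only from a letter run and/or a digit run,
    whatever the interleaving: abc123, 123abc, 1a2b3c, pqr456, p4q5r6, 123456."""
    low = pw.lower()
    letters = "".join(c for c in low if c in LOWER)
    digits = "".join(c for c in low if c in DIGITS)
    if len(letters) + len(digits) != len(low):
        return False  # contains symbols or spaces: not this pattern
    present = [(s, a) for s, a in ((letters, LOWER), (digits, DIGITS)) if s]
    return bool(present) and all(_is_run(s, a) for s, a in present)


def weak_password_reasons(pw: str, personal_tokens=()) -> list:
    """Return the reasons a password is weak; an empty list means none found.
    personal_tokens: strings the user is known by (name, birth year, pet ...)."""
    reasons = []
    low = pw.lower()
    if len(pw) < 8:
        reasons.append("too short")
    if is_sequence_pattern(pw):
        reasons.append("sequential letters/digits")
    if len(set(pw)) == 1:
        reasons.append("single repeated character")
    if any(w in low for w in COMMON_WORDS):
        reasons.append("common word or name")
    hits = [t for t in personal_tokens if len(t) >= 3 and t.lower() in low]
    if hits:
        reasons.append("contains personal detail: " + ", ".join(hits))
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords and a constructed profile (name, birth year).
    for pw in ("abc123", "p4q5r6", "Samir1987", "batman2013", "correct horse battery staple"):
        print(pw, "->", weak_password_reasons(pw, personal_tokens=("Samir", "1987")) or "ok")
```

The sequence check deliberately ignores how letters and digits are interleaved, because `1a2b3c` and `abc123` are the same "logic" to a guesser; a blocklist that only stores literal strings would miss the interleaved forms.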

After reading all that, you must be quite anxious about how you can actually protect your sensitive information. Read about “Google working on replacing Passwords with Hardware Identification based Passkeys” to assuage your concerns.

Have you ever been hacked? Please share your experiences with us via comments below.

Samir Saurav Majhi
I'm a rolling stone, with diverse interests from Theoretical Physics to Ubuntu Gaming, Nature Photography to Buddhism. Basically, if you want to talk about ANYTHING, I'm your guy!
  • Chuck White

    The challenge with passwords is that they represent one of the easiest means of implementing the “Something you know” Authentication mechanism. Other options in that category include KBA type authentication. The challenge with KBA is the level of tuning to get the appropriate user success rate without making the questions too hard for a legitimate user.

    That leads to the “Something you have” category, which if implemented with an out-of-band solution provides a far more secure log in experience with a couple of drawbacks. One is people driven – implementing multi-factor authentication solutions requires forethought in implementation as it will impact the user experience. The others are more technical implications, such as the use of SMS text messages – in this case your authentication solution and the user's experience are driven by the performance of the SMS gateway or other service that is distributing the One Time Pass Code (this also has limitations with signal availability). There are things like Open Authentication and a more software token based approach, which has more issues with smart-phone OSs and things along those lines.

    All of that being said, multi-factor authentication does make a ton of sense in terms of securing personal data – at a minimum you can do things like reduce password length/complexity, which drives better practices in terms of keeping and maintaining passwords.

    At the end of the day, it becomes a decision of how much security vs convenience an end user requires. That being said, the user that asks for convenience is simply asking for it.

    • That’s a great comment!
      I would think that using MFA might lead to several options in terms of authentication methods.
      Hardware (preset “keys”),
      automated software (code generators),
      dynamic (codes via SMS or email),
      photographic (live video of your face or upload a picture of your face etc.),
      preset security answers.
      The less you rely on multiple networks the better I suppose – just internet rather than internet + mobile in case you are using a tablet, desktop or notebook. As the number of regular smartphone users rises, I suppose this problem will fade.

      Although what you said about asking for convenience is good for more valuable services like online banking sites and anything involving money, imagine people logging onto FB, Google and Twitter via MFA 😛
      Unless they lose access to their accounts, most people I know would rather use the same simple (alphanumeric) password on 90% of websites and that too somehow personally related to them!