Tuesday, February 24, 2009

People practice poor password security

Read an interesting article tonight about password security. Turns out most people use the same one or two passwords everywhere they go online. That means if someone's password is compromised, the attacker has access to, on average, about half of their digital accounts.

Even if a user is extremely careful to keep his or her passwords a secret, consider this: some online services, like email and anything involving money, use encryption to protect passwords between your web browser and their server. But some services, like Facebook, do not use encryption. Just because the connection is secure at one web site and you keep your passwords a secret doesn't mean you are protected if you use the same password at Facebook that you use for your online banking.

A committed attacker can easily sniff out passwords used at sites like Facebook and can identify connections at secure websites. Usernames are typically easy to guess, so once an attacker has a password he or she essentially has free rein over about half of your digital accounts. This is why I use KeePass.

