Wednesday, July 14, 2010

Are Your Passwords Really A Secret?

Are your passwords really a secret? For a lot of people, that answer is a resounding "no". And just so that you are clear, I'm talking about every single password you have. That includes your Facebook, your email, your bank, your computer and any other place that uses a password for authentication. Are your passwords really a secret? If your answer is anything other than "yes," then you should seriously think about why.

Think about all the couples out there who think it's cute to log into each other's Facebook accounts. Or the ones that know each other's email passwords. What do you suppose happens when they split up? Is it still cute when they start defacing your Facebook page or lock you out of your own email account?

I knew someone while I was in college whose account on the school computers stopped working. There was some hiccup in Active Directory somewhere and she couldn't log in. Her solution? Instead of calling the help desk and having it fixed, she just borrowed her roommate's password and would log in using her roommate's account whenever she had to use a computer in one of the school labs. And her roommate was totally fine with this! Think about the fact that the exact same credentials gave you access to a user's account on the lab computers, the course registration program, their Blackboard account, and their school email.

When I bought my Motorola Droid, I got it from a Verizon Store. The salesperson I worked with was very friendly and helpful. She turned on the phone and proceeded to activate it, just like they always do. Then she handed me a piece of paper and a pen, asking me to write down my Gmail username and password. She was genuinely surprised when I flatly told her "no." It turns out that whenever she asks customers to do this, they comply without any question. I mean, we're talking about the password to your email account. The account to which all other online accounts are tied and where reset emails are sent if you forget your password somewhere. And people would hand this over to a complete stranger who also, incidentally, likely has access to your billing information, home address, and maybe even your social security number.

I'm sure that everyone has probably had someone sit down in front of their computer and ask for the password so they can check something online. Whenever this happens to me I usually just look at the person and say "really?" To which the response is almost always "What? Don't you trust me?" I hate to break it to you, but no, I don't trust you. At least not that much. And it's not that I necessarily think you will do something intentionally malicious, but I certainly don't trust you not to do anything foolish.

Ultimately, whether or not you share your password with someone else is up to you. It all comes down to trust. How much do you trust another person? And trust is more complicated than whether or not someone will use your password to be intentionally harmful. Trust is also accountability. What are you going to do if you let someone use your password and they get phished or install a virus on your computer thinking it was a game? Also consider that a 2008 study found that most people use the same one or two passwords everywhere online. That means that while you might have only meant to share one password, you actually just shared half of your passwords, or maybe even more.
