Thursday, October 17, 2013

The Cuckoo's Egg

Do I have information that other people want? This question has prevented me from thinking too much about password security. I know a password on your computer or phone is important, because it discourages theft - the thief wants your computer or phone from which they can wipe all your stuff. Passwords on a Facebook account, on the other hand, don't give a thief a shiny new piece of hardware that they can claim as their own. The same is true with a CS account password and most other websites that use usernames and passwords.
Reading The Cuckoo's Egg has given me a new view on password protection. There is a section where the hacker logs into a normal account with a simple password, then becomes a superuser through a vulnerability. This user had no idea that his easy password would allow a hacker to break into the rest of the system. This showed me that I have no idea what can be done with access to the various accounts that I have.
Using difficult passwords is also very important. It does not take very long for computers with gigahertz of processing power to use brute force to iterate through all the words in the English language. I'm sure it wouldn't even take too long to iterate through a small combination of all words in the English language. This is why many companies are requiring that you have capitals, numbers, or punctuation in your passwords. This protection can be compounded when you don't even use derivatives of English words - the more random, the better.
The main problem I see with our world today is the fact that every single website asks you to create an account with a password. Then you have two options: develop a photographic memory to enable you to remember different passwords to each of your different accounts, or use the same (or similar) passwords for each of your accounts. Unfortunately, most people choose the latter. As soon as a hacker discovers the password to your seemingly innocent Twitter account, he has the password to your bank account, and every other account that you've created. It is so important to choose different passwords, but it is so difficult to remember so many different passwords!

1 comment:

  1. I think the key is to know what accounts need unique secure passwords. The two most important accounts are Banking and Email. The next step down in importance would be Amazon, eBay, etc. that remember your credit card information. For Facebook, Twitter, Video Games, Blogs, Forums, etc., I think it is fine to have the same account information. It is less secure but it solves the problem of having to remember 15 different passwords.
