Protect Yourself With Passwords
March 19, 2008 || Filed under: Interesting
Find |
Original
Material
Personal identity theft is a huge and growing threat
to our online lives. It can literally ruin us.
Imagine losing your home or a bank account because
someone was able to assume your identity. Pretty
scary.
We've all seen movies where the technologically-advanced bad guys gain access to an electronic vault or use a supercomputer to break into a computer program which then allows them to siphon funds, undetected, into a Swiss bank account. It's sexy stuff for the movies, but its mostly flights of fancy that are very unlikely to occur to you or me. Unfortunately, there are real personal identity threats with real consequences out there. The most common threat is called social engineering and it's painfully easy to fall victim to it. You may have already fallen into its trap.
For this article, we'll stick to one facet of social engineering...capturing passwords. We'll do so because most personal identity theft starts with an ill-gotten password.
Your password is the key...and the bad guys want it. Yet many surfers just don't see the connection between an insecure web password and real world theft. For example, do you think the password to your email account is no big deal? I'd bet that same password can be used elsewhere on the Net to access your far more lucrative (and vulnerable) accounts.
Ever since there was the Internet, there were websites that needed passwords. They may look innocuous enough, but I strongly suggest taking the establishment of a new account seriously. Unfortunately, you can't trust every website to do what is right. As an example, if I wanted to socially engineer users for their personal identity, I could simply set up a website with promise of free products or a chance to win something. I'd make the site free as long as you signed up for an account. What would I ask for? Your email address and a password to access the site. Of the many passwords people enter, I might get a 3/4 'hit rate' using that same password on various other sites where that person used that same username and password combination. Perhaps they even use the same password for their bank account. Sound like you?
For this reason, my passwords and usernames change with every site I am visiting. I won't tell you my scheme, but if you don't have one...get on it immediately!
Here is a list of excellent articles related to passwords and why you must protect yourself...now!
SilverMarc's Blog Posting
G-Archiver Program Steals GMail Passwords
We've all seen movies where the technologically-advanced bad guys gain access to an electronic vault or use a supercomputer to break into a computer program which then allows them to siphon funds, undetected, into a Swiss bank account. It's sexy stuff for the movies, but its mostly flights of fancy that are very unlikely to occur to you or me. Unfortunately, there are real personal identity threats with real consequences out there. The most common threat is called social engineering and it's painfully easy to fall victim to it. You may have already fallen into its trap.
For this article, we'll stick to one facet of social engineering...capturing passwords. We'll do so because most personal identity theft starts with an ill-gotten password.
Your password is the key...and the bad guys want it. Yet many surfers just don't see the connection between an insecure web password and real world theft. For example, do you think the password to your email account is no big deal? I'd bet that same password can be used elsewhere on the Net to access your far more lucrative (and vulnerable) accounts.
Ever since there was the Internet, there were websites that needed passwords. They may look innocuous enough, but I strongly suggest taking the establishment of a new account seriously. Unfortunately, you can't trust every website to do what is right. As an example, if I wanted to socially engineer users for their personal identity, I could simply set up a website with promise of free products or a chance to win something. I'd make the site free as long as you signed up for an account. What would I ask for? Your email address and a password to access the site. Of the many passwords people enter, I might get a 3/4 'hit rate' using that same password on various other sites where that person used that same username and password combination. Perhaps they even use the same password for their bank account. Sound like you?
For this reason, my passwords and usernames change with every site I am visiting. I won't tell you my scheme, but if you don't have one...get on it immediately!
Here is a list of excellent articles related to passwords and why you must protect yourself...now!
SilverMarc's Blog Posting
G-Archiver Program Steals GMail Passwords
|