Are your passwords safe?

An excellent AP story describes the dilemma most people encounter with passwords today:

Scandinavian countries are among the leaders as many online businesses abandon static passwords in favor of so-called two-factor authentication [which uses a combination of a simple PIN and a complex code that's randomly generated for each transaction].

“A password is a construct of the past that has run out of steam,” said Joseph Atick, chief executive of Identix Inc. (IDNX), a Minnesota designer of fingerprint-based authentication. “The human mind-set is not used to dealing with so many different passwords and so many different PINs.”

When a static password alone is required, security experts recommend that users combine letters and numbers and avoid easy-to-guess passwords like “1234” or a nickname.

Stevan Hoffacker follows those rules but commits a different faux pas: He uses the same password everywhere, including access to multiple e-mail accounts, Amazon.com, The New York Times’ Web site and E-ZPass electronic toll statements.

In such cases, should hackers or scammers compromise one account, they potentially have one’s entire online life.

“This is one of these things that if I stop and think about it, it is not good, but I do my best not to stop and think about it,” said Hoffacker, an information technology manager in New York.

I once used a handful of passwords for all Web sites. Now I use randomly generated passwords for everything, and I use RoboForm to keep track of them. I can carry the password collection around, in encrypted form, on a USB flash drive.

I no longer know my password for many sites, but that’s OK. The risk that someone who stumbles across one password could then go and try it at every site I visit is too great for me to tolerate.
