Monday, April 16, 2012

Open Sesame

(Image from Wikipedia, Password (Game Show) 

Passwords are a necessary evil. In order to participate in online shopping, file sharing, email, and myriad of other Web 2.0 or cloud conveniences, you have to have many passwords -- not to mention  suitable online usernames. The safest practice is to have a different password for every account and to change it often. That seemed like a good idea until I ran out of ideas! Now, too often I rely on the "Forgot my password" link and hope they don't ask me a personal question I can't answer correctly.

But it is an annoyance we put up with because we know too many examples of those whose identities were hijacked and used to send spam sullying their good name. That's nothing compared to having online banking compromised. We know better than to make it easy for the criminals, right?

Google recently has tried to consolidate all of your Google services under one login and several applications allow you to sign in using Facebook (so long as you allow them access to all of your Facebook information.) A single sign-on is the goal for everyone but it's also dangerous. The more services you can access with one login, the more damage a hacker can do with it.

In a November 2011 press release SplashData, a provider of password management applications, published the "25 Worst Passwords of the Year." The list was "compiled from files containing millions of stolen passwords posted online by hackers." Among the most common (guessable) passwords last year were:
  • password 
  • 123456 
  • 12345678 
  • qwerty 
  • abc123 
  • 1234567 
  • letmein 
  • trustno1 
  • baseball 
  • 111111 
  •  iloveyou    
  • passw0rd 
  • 123123 
  • 654321 
  • superman 
  • qazwsx 
  • football 

Do you practice safe computing?

No comments: