Don’t take passwords lightly

Listen to this sane advice from this renowned techie columnist Bob Cringely, who has an intelligent ear to the ground all the time, or perish!

CHANGE YOUR DAMNED PASSWORDS!! Most people don’t do this — ever. They have one or two passwords they use for everything, often associated with one or two user names. If a system forces a password change they’ll move to password B in hopes that when the next move is forced they can move back to password A. If you have an eight-character password that mixes numbers, letters, and non-alphanumeric characters in various combinations of upper and lower case — in other words a REALLY GOOD password — I can pretty much guarantee you’ve been using that exact same password since 1998. People are lazy. People don’t want to learn arcane eight-character passwords on a regular basis.

But identity thieves aren’t so lazy, especially when they have technology to help them. They can start a sweepstakes website that requires only free registration to win that cruise of a lifetime to Bora Bora. And in doing so the thieves can know that a majority of registrants will use a username and password combination that they also use at a lot of other sites, like bank and brokerage accounts. Not only don’t they need to actually award the cruise, they don’t even have to break into your bank account in order to benefit from the username/password combo. They just sell that information to another crook.

That crook knows your name, address, and likely username and password. Forty percent of the people in your town use the same bank. Fifty percent of his stolen usernames and passwords are valid. Forty percent of bank customers use online banking. Add this all together and that crook has more than enough information to raid the bank accounts of enough folks to make his day and ruin theirs.

It doesn’t take just a fake website to accomplish this kind of phishing expedition. There are thousands — probably tens of thousands — of web operations that require user sign-ons but don’t do anything to protect the user database from being stolen by employees. “We’re not selling anything,” they tell themselves, “so it doesn’t matter.”

It matters.

Half my credit card accounts now require me to go through an elaborate e-mail validation scheme if I try logging in from a new IP address or from a computer lacking the proper cookie. Half don’t require this. The half that do were probably the targets of some huge and successful crime spree — a spree we never heard of because it was never made public. Billions of dollars are ripped off this way each year from banks and other financial institutions but we never hear about it because that might encourage more crime.

So CHANGE YOUR DAMNED PASSWORDS and put an end to this kind of scam. Perhaps remembering new character strings will help to stave off Alzheimer’s.

So, don’t forget to change your passwords every Tuesday, and remember the new passwords – may be it is a good idea to tattoo them between your toes!!

Tagged on: , ,

2 thoughts on “Don’t take passwords lightly

  1. Sue

    Billions of dollars are ripped off this way each year from banks and other financial institutions but we never hear about it because that might encourage more crime

  2. Pingback: eeyy » Don’t take passwords lightly

Leave a Reply

Your email address will not be published. Required fields are marked *