
General Discussion


UnrepentantLiberal

(11,700 posts)
Wed Nov 21, 2012, 08:56 PM Nov 2012

Kill the Password: Why a String of Characters Can't Protect Us Anymore

By Mat Honan
Wired
Nov 15, 2012

-snip-

Since that awful day, I’ve devoted myself to researching the world of online security. And what I have found is utterly terrifying. Our digital lives are simply too easy to crack. Imagine that I want to get into your email. Let’s say you’re on AOL. All I need to do is go to the website and supply your name plus maybe the city you were born in, info that’s easy to find in the age of Google. With that, AOL gives me a password reset, and I can log in as you.

First thing I do? Search for the word “bank” to figure out where you do your online banking. I go there and click on the Forgot Password? link. I get the password reset and log in to your account, which I control. Now I own your checking account as well as your email.

This summer I learned how to get into, well, everything. With two minutes and $4 to spend at a sketchy foreign website, I could report back with your credit card, phone, and Social Security numbers and your home address. Allow me five minutes more and I could be inside your accounts for, say, Amazon, Best Buy, Hulu, Microsoft, and Netflix. With yet 10 more, I could take over your AT&T, Comcast, and Verizon. Give me 20—total—and I own your PayPal. Some of those security holes are plugged now. But not all, and new ones are discovered every day.

The common weakness in these hacks is the password. It’s an artifact from a time when our computers were not hyper-connected. Today, nothing you do, no precaution you take, no long or random string of characters can stop a truly dedicated and devious individual from cracking your account. The age of the password has come to an end; we just haven’t realized it yet.

More: http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/

k&r! nt wildbilln864 Nov 2012 #1
If you're goofy enough to use AOHell customerserviceguy Nov 2012 #2
I trust my Gmail account Canuckistanian Nov 2012 #9
The GMAIL password is in clear text format for the Tech Support and AdWord folks to see. n/t TheBlackAdder Nov 2012 #12
Really? wtmusic Nov 2012 #27
Read the entire link, plz 3c273a Nov 2012 #3
A chunk of my own security is about screwing up the password reset questions Posteritatis Nov 2012 #4
The set-your-own-question password seems pretty solid. XemaSab Nov 2012 #10
Enter two-factor authentication. n/t ProfessionalLeftist Nov 2012 #5
And text messaging makes our phones the second factor. gtar100 Nov 2012 #30
LavaBit email doesn't provide a "Forgot your password?" option Shankapotomus Nov 2012 #6
i get his point behindthe8ballnchain Nov 2012 #7
wow..that is scary AsahinaKimi Nov 2012 #8
Ech. Misrepresentative title. wtmusic Nov 2012 #11
Mine has 11 characters. UnrepentantLiberal Nov 2012 #13
Does password complexity really matter? Jim Lane Nov 2012 #14
There are devices and computer programs that do that much quicker. UnrepentantLiberal Nov 2012 #21
Probably not. wtmusic Nov 2012 #26
I use an 18 character passphrase RomneyLies Nov 2012 #19
As long as your dog's name wasn't Max, you're probably ok nt wtmusic Nov 2012 #23
I use numerous email accounts with multiple providers. Edweird Nov 2012 #15
Both my banks and my email require that I NYC Liberal Nov 2012 #16
all someone has to do is access the email servers to read your email hobbit709 Nov 2012 #17
I am not sure passwords are going to become extinct MyNameGoesHere Nov 2012 #18
I actually wish there was a replacement for passwords. Tracer Nov 2012 #20
I keep a password safe application on my smartphone for that purpose. backscatter712 Nov 2012 #25
The myth of the secured, networked computer. There has never been such a thing, Egalitarian Thug Nov 2012 #22
I've got so much stuff on Google that I took the precaution of activating 2 factor authentication. backscatter712 Nov 2012 #24
The same can be said for your home. Passwords are just locks on doors. gtar100 Nov 2012 #28
the main point seems to be that passwords ARE good protection, just don't have a silly one unblock Nov 2012 #29
Dumb dumb. Can't find me on google and certainly can't find the SWTORFanatic Nov 2012 #31
Great article, I learned a lot, thanks for posting! mrsadm Nov 2012 #32
Glad the article was helpful. UnrepentantLiberal Nov 2012 #34
Meh... I use my BofA ATM PIN as my password for every online account. n/t cherokeeprogressive Nov 2012 #33