Do You Reuse Your Passwords? Are They Being Recorded As You Type?

16 November, 2007 (19:16) | Security | By: Nick Dalton

My favorite tech columnist Bob Cringely has an interesting post this week about reusing passwords across multiple sites. Conceptually we all agree that using the same username and password to log in to your bank as you do for your email account is a bad idea. But in reality we are all lazy and we don’t want to memorize dozens or hundreds of passwords for all the sites we need to log in to.

But Bob really drives home the point with the scenario of identity thieves launching a sweepstakes website for a cruise. All you need to do to enter the sweepstakes is to register on the site. A lot of people will use the same login credentials when they register at this site as they do for their bank. And of course registration requires your full name and address, which adds up to a rather complete identity profile. Even if you don’t sign up with suspicious-looking websites, one of the sites that you are already registered with may have lax security and your registration data may become exposed.

So heed Cringely’s recommendation: change your passwords NOW.

A few years ago a friend of mine was building his own house. During the construction he had a large amount of money sitting in an account waiting to be portioned out to various contractors and suppliers. To earn maximum interest on the money, he had signed up for an account that could only be managed online. With this setup he was very concerned about a keystroke logger being surreptitiously installed on his computer and capturing his username and password for the bank account.

He was even considering purchasing a brand new computer that he would only use for managing that bank account. No programs would be allowed to be installed on that computer and no web surfing beyond the bank’s website.

I told him he was being overly paranoid.

My sentiments may have been accurate back then, but that is certainly not true today. Read this article series from CIO Magazine about how sophisticated online identity theft is today. Very scary.

In my Digital Security Report I talk about how you should set up your website to avoid having your digital products indexed by search engines. Losing future sales to free downloads is bad. Having your identity stolen and your bank account looted is a lot worse. Make sure that you follow good password practices and have updated anti-virus and anti-malware software installed on your computer. And sign up for a credit monitoring service. Do it today.


Comment from Anjelicus
Time: November 20, 2007, 13:28

What’s the use in changing passwords if you have a keylogger installed on your PC? )) You have to protect your info; personally, I use PrivacyKeyboard and I’m sure that I won’t have to change my password every week.

Comment from Nick Dalton
Time: November 20, 2007, 18:00

That’s a good point, Anjelicus.
If there is a delay between collecting passwords using a keylogger and someone trying to use those passwords for illegitimate purposes, then changing your password frequently will provide some additional protection.

