Skip to Content

Why the Internet Is Fundamentally Less Secure than It Used to Be

Your passwords are stored on more sites than ever—too bad you’ve never bothered to change them.

Your company’s data is only as secure as the weakest security of the most fly-by-night website to which anyone in your organization has ever given their password.

The Maginot Line: This is what your passwords look like to hackers

Think about that for a moment: One of your summer interns used the same password on your company intranet as they use on the hacked-together open source message board on which they swap stories with their friends about how awesome it was to do whippets around the campfire at last year’s Bonnaroo.

That’s why leaks of user data and passwords like the kind that are happening with increasing frequency are so devastating – no security system can protect a web application from a user who has the keys required to get in. (Aside: That’s not entirely true; two-factor authentication systems can, but they’re not common.)

One way to make your web identities more secure – there’s no such thing as actually securing them – is simply to acknowledge that there are entire classes of websites for which you should simply pretend that your password is already public. Think of anything short of your bank and your email service provider as compromised-in-advance. (Although even your bank may be compromised already.)

The more often you re-use a password, the less secure that password is. (Unless you’re using a system like 1password, which can generate and remember a new, significantly-more-secure-than-average password for each site.)

That’s why last December I outlined my own system for attempting to keep my logins secure. Since then I’ve simplified it: you need only memorize three passwords. Enforcing this personally can help keep your data secure; making it a company-wide policy to force users to periodically update their accounts with unique, strong passwords is an important part of keeping an entire network secure.

1. All sites other than your email account and anyplace that stores your bank or credit card information get a throwaway password. Facebook, Twitter, the billion other sites that require a login – forget it; they’re toast. Would it kill you to have these accounts hacked? If the answer is no, these are the sites that are among the 97 percent or so of sites you use that will all be secured by the same password.

2. Sites with your credit card or bank information get a unique, secure password that you use on no other sites. Here are some tips on creating a secure password.

3. Your email account gets a totally unique, secure password used on no other sites. God only knows what’s in your Gmail. Enough sensitive data to bury your online life forever. Make sure the only way to ever give an attacker access to this email is by going in the front door – through Google’s security – and not by simply punching in a password they found elsewhere, on a less-secure site. Accessing Gmail with a password that was re-used on other, compromised sites is the most common way that Gmail is “hacked.”

Also: learn how to recognize phishing attacks. This is the other most common way that users give up access to their email accounts.

Deep Dive


Our best illustrations of 2022

Our artists’ thought-provoking, playful creations bring our stories to life, often saying more with an image than words ever could.

How CRISPR is making farmed animals bigger, stronger, and healthier

These gene-edited fish, pigs, and other animals could soon be on the menu.

The Download: the Saudi sci-fi megacity, and sleeping babies’ brains

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. These exclusive satellite images show Saudi Arabia’s sci-fi megacity is well underway In early 2021, Crown Prince Mohammed bin Salman of Saudi Arabia announced The Line: a “civilizational revolution” that would house up…

10 Breakthrough Technologies 2023

Every year, we pick the 10 technologies that matter the most right now. We look for advances that will have a big impact on our lives and break down why they matter.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.