Skip to Content

Why the Internet Is Fundamentally Less Secure than It Used to Be

Your passwords are stored on more sites than ever—too bad you’ve never bothered to change them.

Your company’s data is only as secure as the weakest security of the most fly-by-night website to which anyone in your organization has ever given their password.

The Maginot Line: This is what your passwords look like to hackers

Think about that for a moment: One of your summer interns used the same password on your company intranet as they use on the hacked-together open source message board on which they swap stories with their friends about how awesome it was to do whippets around the campfire at last year’s Bonnaroo.

That’s why leaks of user data and passwords like the kind that are happening with increasing frequency are so devastating – no security system can protect a web application from a user who has the keys required to get in. (Aside: That’s not entirely true; two-factor authentication systems can, but they’re not common.)

One way to make your web identities more secure – there’s no such thing as actually securing them – is simply to acknowledge that there are entire classes of websites for which you should simply pretend that your password is already public. Think of anything short of your bank and your email service provider as compromised-in-advance. (Although even your bank may be compromised already.)

The more often you re-use a password, the less secure that password is. (Unless you’re using a system like 1password, which can generate and remember a new, significantly-more-secure-than-average password for each site.)

That’s why last December I outlined my own system for attempting to keep my logins secure. Since then I’ve simplified it: you need only memorize three passwords. Enforcing this personally can help keep your data secure; making it a company-wide policy to force users to periodically update their accounts with unique, strong passwords is an important part of keeping an entire network secure.

1. All sites other than your email account and anyplace that stores your bank or credit card information get a throwaway password. Facebook, Twitter, the billion other sites that require a login – forget it; they’re toast. Would it kill you to have these accounts hacked? If the answer is no, these are the sites that are among the 97 percent or so of sites you use that will all be secured by the same password.

2. Sites with your credit card or bank information get a unique, secure password that you use on no other sites. Here are some tips on creating a secure password.

3. Your email account gets a totally unique, secure password used on no other sites. God only knows what’s in your Gmail. Enough sensitive data to bury your online life forever. Make sure the only way to ever give an attacker access to this email is by going in the front door – through Google’s security – and not by simply punching in a password they found elsewhere, on a less-secure site. Accessing Gmail with a password that was re-used on other, compromised sites is the most common way that Gmail is “hacked.”

Also: learn how to recognize phishing attacks. This is the other most common way that users give up access to their email accounts.

Deep Dive


Five poems about the mind

DREAM VENDING MACHINE I feed it coins and watch the spring coil back,the clunk of a vacuum-packed, foil-wrappeddream dropping into the tray. It dispenses all kinds of dreams—bad dreams, good dreams,short nightmares to stave off worse ones, recurring dreams with a teacake marshmallow center.Hardboiled caramel dreams to tuck in your cheek,a bag of orange dreams…

Work reinvented: Tech will drive the office evolution

As organizations navigate a new world of hybrid work, tech innovation will be crucial for employee connection and collaboration.

lucid dreaming concept
lucid dreaming concept

I taught myself to lucid dream. You can too.

We still don’t know much about the experience of being aware that you’re dreaming—but a few researchers think it could help us find out more about how the brain works.

panpsychism concept
panpsychism concept

Is everything in the world a little bit conscious?

The idea that consciousness is widespread is attractive to many for intellectual and, perhaps, also emotional
reasons. But can it be tested? Surprisingly, perhaps it can.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.