Why the Internet Is Fundamentally Less Secure than It Used to Be

Your passwords are stored on more sites than ever—too bad you’ve never bothered to change them.

Your company’s data is only as secure as the weakest security of the most fly-by-night website to which anyone in your organization has ever given their password.

The Maginot Line: This is what your passwords look like to hackers

Think about that for a moment: One of your summer interns used the same password on your company intranet as they use on the hacked-together open source message board on which they swap stories with their friends about how awesome it was to do whippets around the campfire at last year’s Bonnaroo.

That’s why leaks of user data and passwords like the kind that are happening with increasing frequency are so devastating – no security system can protect a web application from a user who has the keys required to get in. (Aside: That’s not entirely true; two-factor authentication systems can, but they’re not common.)

One way to make your web identities more secure – there’s no such thing as actually securing them – is simply to acknowledge that there are entire classes of websites for which you should simply pretend that your password is already public. Think of anything short of your bank and your email service provider as compromised-in-advance. (Although even your bank may be compromised already.)

The more often you re-use a password, the less secure that password is. (Unless you’re using a system like 1Password, which can generate and remember a new, significantly-more-secure-than-average password for each site.)

That’s why last December I outlined my own system for attempting to keep my logins secure. Since then I’ve simplified it: you need only memorize three passwords. Enforcing this personally can help keep your data secure; making it a company-wide policy to force users to periodically update their accounts with unique, strong passwords is an important part of keeping an entire network secure.

1. All sites other than your email account and anyplace that stores your bank or credit card information get a throwaway password. Facebook, Twitter, the billion other sites that require a login – forget it; they’re toast. Would it kill you to have these accounts hacked? If the answer is no, these are the sites that are among the 97 percent or so of sites you use that will all be secured by the same password.

2. Sites with your credit card or bank information get a unique, secure password that you use on no other sites. Here are some tips on creating a secure password.

3. Your email account gets a totally unique, secure password used on no other sites. God only knows what’s in your Gmail. Enough sensitive data to bury your online life forever. Make sure the only way to ever give an attacker access to this email is by going in the front door – through Google’s security – and not by simply punching in a password they found elsewhere, on a less-secure site. Accessing Gmail with a password that was re-used on other, compromised sites is the most common way that Gmail is “hacked.”
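The three-tier rule above can be checked mechanically against a password-manager export. The following is an added example, not part of the original article: it reads the scheme as one password per tier, and the site names, tier labels and vault format are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Tier labels for the article's three-password scheme (names are assumptions).
THROWAWAY, FINANCIAL, EMAIL = "throwaway", "financial", "email"

# Constructed sample export: (site, tier, password). Not real credentials.
SAMPLE_VAULT = [
    ("forum.example", THROWAWAY, "campfire2011"),
    ("social.example", THROWAWAY, "campfire2011"),
    ("bank.example", FINANCIAL, "T7#rv!qLm2$zPe9w"),
    ("broker.example", FINANCIAL, "T7#rv!qLm2$zPe9w"),
    ("shop.example", FINANCIAL, "campfire2011"),
    ("mail.example", EMAIL, "x9&Kd2!uWq7@hLs4"),
]


def audit(vault):
    """Return {sensitive_site: [sites in other tiers sharing its password]}.

    Reuse inside one tier is allowed by the scheme; a financial or email
    password that also appears in any other tier is a violation, because a
    breach of the weaker site exposes the stronger one.
    """
    # Group by a keyed fingerprint so plaintext passwords are never used
    # as dictionary keys; the key is random per run and discarded after.
    key = secrets.token_bytes(32)
    seen = defaultdict(list)
    for site, tier, password in vault:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        seen[tag].append((site, tier))

    findings = {}
    for uses in seen.values():
        for site, tier in uses:
            if tier == THROWAWAY:
                continue  # throwaway accounts are treated as already public
            others = sorted(s for s, t in uses if t != tier)
            if others:
                findings[site] = others
    return findings


if __name__ == "__main__":
    for site, shared_with in audit(SAMPLE_VAULT).items():
        print(f"{site}: password also used on {', '.join(shared_with)}")
```
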

Also: learn how to recognize phishing attacks. This is the other most common way that users give up access to their email accounts.
