Christopher Mims

A View from Christopher Mims

Why the Internet Is Fundamentally Less Secure than It Used to Be

Your passwords are stored on more sites than ever—too bad you’ve never bothered to change them.

June 27, 2011

Your company’s data is only as secure as the weakest security of the most fly-by-night website to which anyone in your organization has ever given their password.

The Maginot Line: This is what your passwords look like to hackers

Think about that for a moment: One of your summer interns used the same password on your company intranet as they use on the hacked-together open source message board on which they swap stories with their friends about how awesome it was to do whippets around the campfire at last year’s Bonnaroo.

That’s why leaks of user data and passwords, of the kind happening with increasing frequency, are so devastating – no security system can protect a web application from a user who has the keys required to get in. (Aside: That’s not entirely true; two-factor authentication systems can, but they’re not common.)

One way to make your web identities more secure – there’s no such thing as actually securing them – is simply to acknowledge that there are entire classes of websites for which you should simply pretend that your password is already public. Think of anything short of your bank and your email service provider as compromised-in-advance. (Although even your bank may be compromised already.)

The more often you re-use a password, the less secure that password is. (Unless you’re using a system like 1Password, which can generate and remember a new, significantly-more-secure-than-average password for each site.)

That’s why last December I outlined my own system for attempting to keep my logins secure. Since then I’ve simplified it: you need only memorize three passwords. Enforcing this personally can help keep your data secure; making it a company-wide policy to force users to periodically update their accounts with unique, strong passwords is an important part of keeping an entire network secure.

1. All sites other than your email account and anyplace that stores your bank or credit card information get a throwaway password. Facebook, Twitter, the billion other sites that require a login – forget it; they’re toast. Would it kill you to have these accounts hacked? If the answer is no, these sites belong to the 97 percent or so of sites you use, all of which will be secured by the same password.

2. Sites with your credit card or bank information get a unique, secure password that you use on no other sites. Here are some tips on creating a secure password.

3. Your email account gets a totally unique, secure password used on no other sites. God only knows what’s in your Gmail. Enough sensitive data to bury your online life forever. Make sure the only way to ever give an attacker access to this email is by going in the front door – through Google’s security – and not by simply punching in a password they found elsewhere, on a less-secure site. Accessing Gmail with a password that was re-used on other, compromised sites is the most common way that Gmail is “hacked.”

Also: learn how to recognize phishing attacks. This is the other most common way that users give up access to their email accounts.
