Are passwords our best security option?

When even the most careful and security-minded PC users fall prey to password thieves, you have to think that there must be a better way.

Last week, Steve Bass described in his TechBite newsletter how someone cracked into his PayPal account, hitting him up for $400. Fortunately, Steve caught the theft in time to have the bogus charge reversed, but reading about Steve's experience made my blood turn cold.

The fact is, people get their online accounts pilfered every day. But this is Steve Bass we're talking about. I learned more about PC security from Steve while we worked together at PC World than I have picked up from any other 10 so-called experts. I know how careful he is when making purchases at the corner grocery store, let alone on Web sites.

If Steve Bass can have his virtual pocket picked, it can happen to anyone--and I mean anyone. When I finished reading Steve's tale of woe, I was left thinking, "There's gotta be a better way."

Well, for right now, maybe there isn't a better way to protect ourselves online than using strong passwords that we change regularly. About a year ago, I presented several tips on using passwords . Steve's article goes that blog post one better by including links to Microsoft's password checker and instructions from the company on how to craft strong passwords.

I'm willing to accept the fact that passwords are the best data-security option today, but they're far from perfect, primarily because of the human factor. Either our passwords are too easy to guess or we're too willing to share them, whether inadvertently (by writing them down where others can find them) or on purpose.

My notebook computer (which is currently in the shop; more on that later this week) has a fingerprint scanner embedded in the case. I used this scanner to log into my Windows account for many months, but then the reader started to flake off, refusing to accept my finger swipes and requiring that I type in my password anyway.

It didn't take long for me to abandon the fingerprint reader entirely. I have a feeling that other password alternatives--biometric or otherwise--have similar shortcomings. It might be possible to make one of these access-control technologies more reliable, but doing so could make the cost prohibitive for PC vendors.

Since we'll likely be relying on passwords to secure our systems and data for some time to come, we need to keep in mind that cyberthieves are getting trickier and trickier in the techniques they devise to coax our passwords out of us. Even as we become more mindful of the attempts to steal our passwords, we have to prepare for the day when ours will fall into the wrong hands.

Keep a close eye on those credit-card statements and charges to online accounts. Don't hesitate to contact the financial institution involved if you suspect you've been victimized. Don't think that a strong password--or even a world-class password-management utility such as RoboForm--is all the protection you need on the Web. (You can read more about RoboForm and Siber Systems' other password-management products in Steve's newsletter.)

About the author

    Dennis O'Reilly began writing about workplace technology as an editor for Ziff-Davis' Computer Select, back when CDs were new-fangled, and IBM's PC XT was wowing the crowds at Comdex. He spent more than seven years running PC World's award-winning Here's How section, beginning in 2000. O'Reilly has written about everything from web search to PC security to Microsoft Excel customizations. Along with designing, building, and managing several different web sites, Dennis created the Travel Reference Library, a database of travel guidebook reviews that was converted to the web in 1996 and operated through 2000.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Is your phone battery always at 4 percent?

    These battery packs will give your device the extra juice to power through all of those texts and phone calls.