Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

Isn't the REAL problem at the target website being hacked?

Sep 13, 2014 9:04AM PDT

The PWD discussion is great; lots of ideas on how to keep YOUR PWDs safe from penetration of YOUR computer. But.... what about the terrible lack of security at the web sites you browse and if they (the Company owning the website) is hacked then your information they have stored is stolen? That information may NOT be encrypted so for your access to THAT company you are compromised. We are told to change our PWDs if a company like TARGET gets hacked. Unless your PWD is unique (i.e. not used in any other site) then you are only vunerable to the one site (e.g.TARGET). However if you have used the same PWD at other sites, you are doomed to change ALL your PWDs to be safe. Uniqueness is key here, I Think.
My questions:
1) By having EVERY PWD unique, you can change just that PWD and not any of the others. Seems to be a mandantory procedure for all.
2) Password Managers ONLY protect someone from penetrating your system and get the prize of all your PWDs. But WHO is looking at a single user's system for such penetration? Seems that Password Managers are protecting a lot of data that no hacker wants anyway.

Am I correct in how sites such as TARGET, et al save your ID & PWD to check if you are authorized? Boy, if THAT data is not protected except by that Company's expertise in handling sensitive data... then THAT is where our biggest exposure lies, is it not?

Jim B

Discussion is locked

- Collapse -
Answer
Read why the target website can't be secured.
Sep 13, 2014 11:16AM PDT
- Collapse -
Target website certainly CAN secure their customer data
Sep 13, 2014 1:08PM PDT

Your answer is very confusing! Certainly commercial sites CAN secure data such as Userids & PWDs they use it to identify a verified user! What nonsense to quote the NSA involvement. Companies Can encrypt customer data...I challenge you to show me the law where they cannot. As for Govt access to the data, that's simply a legal issue not a business nor a technical issue. Come on... Enough of the NSA bogeyman....companies won't secure the data b/c of the added cost, I M H O!
Anyone else out there with a different view? Jim B

- Collapse -
No. Commercial sites can not secure the data.
Sep 14, 2014 1:34AM PDT