Are passwords our best security option?
When even the most careful and security-minded PC users fall prey to password thieves, you have to think that there must be a better way.
Last week, Steve Bass described in his TechBite newsletter how someone cracked into his PayPal account, hitting him up for $400. Fortunately, Steve caught the theft in time to have the bogus charge reversed, but reading about Steve's experience made my blood turn cold.
The fact is, people get their online accounts pilfered every day. But this is Steve Bass we're talking about. I learned more about PC security from Steve while we worked together at PC World than I have picked up from any other 10 so-called experts. I know how careful he is when making purchases at the corner grocery store, let alone on Web sites.
If Steve Bass can have his virtual pocket picked, it can happen to anyone--and I mean anyone. When I finished reading Steve's tale of woe, I was left thinking, "There's gotta be a better way."
Well, for right now, maybe there isn't a better way to protect ourselves online than using strong passwords that we change regularly. About a year ago, I presented several tips on using passwords. Steve's article goes that blog post one better by including links to Microsoft's password checker and instructions from the company on how to craft strong passwords.
I'm willing to accept the fact that passwords are the best data-security option today, but they're far from perfect, primarily because of the human factor. Either our passwords are too easy to guess or we're too willing to share them, whether inadvertently (by writing them down where others can find them) or on purpose.
My notebook computer (which is currently in the shop; more on that later this week) has a fingerprint scanner embedded in the case. I used this scanner to log into my Windows account for many months, but then the reader started to flake off, refusing to accept my finger swipes and requiring that I type in my password anyway.
It didn't take long for me to abandon the fingerprint reader entirely. I have a feeling that other password alternatives--biometric or otherwise--have similar shortcomings. It might be possible to make one of these access-control technologies more reliable, but doing so could make the cost prohibitive for PC vendors.
Since we'll likely be relying on passwords to secure our systems and data for some time to come, we need to keep in mind that cyberthieves are getting trickier and trickier in the techniques they devise to coax our passwords out of us. Even as we become more mindful of the attempts to steal our passwords, we have to prepare for the day when ours will fall into the wrong hands.
Keep a close eye on those credit-card statements and charges to online accounts. Don't hesitate to contact the financial institution involved if you suspect you've been victimized. Don't think that a strong password--or even a world-class password-management utility such as RoboForm--is all the protection you need on the Web. (You can read more about RoboForm and Siber Systems' other password-management products in Steve's newsletter.)