techThoughts ::
Thoughts, ideas, code, speculation and news
about all things technology.
It is not always about the password

Password strength is definitely important. Obviously, if you use a dictionary-based password like MyPassword, you are not going to get much protection. However, more and more people are starting to use strong passwords and take other measures such as running applications from a thumb drive. All of these seem to provide people with a sense of protection, and in many cases they do. But how many times have you seen people on vacation in Internet cafes or business centers, typing away to friends at home, checking accounts and whatever else? I have seen this often, and it is reasonable to expect that there are times when you have to (or just want to) check in. But who owns the computer? Can they be trusted? Can others who have access to the computer be trusted?

People might bring along their thumb drive, loaded with portable Firefox, and start typing away. They log in, send email and perhaps log into a few other sites. When they are finished, they may even try to clear their tracks from the machine and so on. Again, this is great, but what good does it do when the machine itself is compromised with a keystroke logger? How about adding in screen snapshots and other techniques typically used to monitor employees? The answer is simple: if you do not control the computer in question, or do not trust whoever controls its security, you should expect that it could be compromised. For a concrete example, check out the following:

Hotmail used to launch extortion scam

Short of dragging around your own computer (even then, you need to be aware of packet sniffing and other network attacks), it is good to be aware that your password may be compromised, particularly when using systems found at cafes or while on vacation. This should also be a reminder not to share the same password across multiple websites (or computers), unless the information is not deemed important. One question to ask yourself: "Do I care if any random stranger or criminal has access to this site/computer?"

Further, once you return from vacation (or from using an untrusted outside system), it would not be unwise to immediately change the passwords for all sites visited.

Finally, I would advise not accessing any bank or financial-related sites from cafes/vacation sites. Simply being aware and taking simple steps accordingly, while not providing complete protection, can at least help stave off potential disasters.


