Friday, December 17, 2010

Here's the dirty truth about website passwords

Let's say you have good old traditional user-name and passwords on 50 different websites. That's 50 different programmers who all have different ideas of how your password should be stored. I hope for your sake you used a different (and extremely secure) password on every single one of those websites. Because statistically speaking, you're screwed.

In other words, the more web sites you visit, the more networks you touch and trust with a username and password combination -- the greater the odds that at least one of those networks will be compromised and give up your credentials for the world to see. At that point, unless you picked a strong, unique password on every single site you've ever visited, 

The bad news is that most users don't pick strong passwords. This has been proven time and time again Even worse, most users re-use these bad passwords across multiple websites

the concept of the internet driver's license? That is, logging on to a web site using a set of third party credentials from a company you can actually trust to not be utterly incompetent at security? Sure, we're centralizing risk here to, say, Google, or Facebook Random Website, and this really is no different in practice than having password recovery emails sent to your GMail account-- stop trusting every random internet site with a unique username and password! Demand that they allow you to use your internet driver's license -- that is, your existing Twitter, Facebook, Google, or OpenID credentials -- to log into their website.


  1. Excellent article to save users from password hijaCKING...:)

  2. thnx arvind for the comment....just wanted to spread the awareness ..