Most computer users repeat passwords, at their peril

April 16, 2008 By JORDAN ROBERTSON, AP Technology Writer

(AP) -- Using the same password for multiple Web pages is the Internet-era equivalent of having the same key for your home, car and bank safe-deposit box.

Content from The Associated Press expires 15 days after original publication date. For more information about The Associated Press, please visit www.ap.org .

Similar stories from PHYSorg:

So many passwords, so little memory

Apr 15, 2009 | 3 / 5 (6) | 1

Review: Password management eases with Net storage

Aug 12, 2009 | 2 / 5 (1) | 2

NYC bank heist makes for an unexpected Tweet

Jul 14, 2009 | not rated yet | 0

U-M researcher's idea may soon simplify financial aid process

Feb 10, 2009 | not rated yet | 0

Face it, even on the Web we want privacy

Jan 13, 2009 | 2 / 5 (1) | 0

Rate this story - 4.2 /5 (17 votes)

rank
1
2
3
4
5

view popular

Move the slider to adjust rank threshold, so that you can hide some of the comments.

Display comments: newest first

gopher65 - Apr 16, 2008
- Rank: 3.5 / 5 (2)
I can see using the same series of passwords (or even the same password) for unimportant things like forum accounts, but not for stores or online bank accounts or anything. That'd just be silly.
- report abuse
- - Current rank
  - 1
  - 2
  - 3
  - 4
  - 5
bmcghie - Apr 16, 2008
- Rank: 3.7 / 5 (3)
I know I use my physorg password for all my other forums. Why? Easier, and there is NO important info in any of the accounts besides my email address. Bank accounts and other things? You'd have to be braindead to duplicate those.
- report abuse
- - Current rank
  - 1
  - 2
  - 3
  - 4
  - 5
bhiestand - Apr 16, 2008
- Rank: 4.3 / 5 (3)
While we can all sit here and say "those idiots!", it's important to look at the reasons for this. A regular user of computer networks will have to maintain dozens of passwords which should all be separate and have varying complexity requirements. Without the use of password management programs, it is impossible for most people to manage and remember so many different passwords.

Unfortunately, this lends credence to the idea of a trusted computing network. A reliable public/private key system, with something like a smartcard and pin would go a long way towards securing our networks. Other solutions have been proposed, including expansion of existing LDAP and single sign-on/cross-site authentication systems. Microsoft is attempting to tackle this issue with Windows Live Sign-On, but you can rest assured that it won't be an open standard, available to all sites, or support all operating systems.

Hopefully further studies and public recognition of this problem will yield better solutions. Until then, the internet will remain the new "wild west".
- report abuse
- - Current rank
  - 1
  - 2
  - 3
  - 4
  - 5
CreepyD - Apr 17, 2008
- Rank: 1.8 / 5 (4)
I tried some password management software.. It contained a trojan. Never will I trust software to keep my passwords.
- report abuse
- - Current rank
  - 1
  - 2
  - 3
  - 4
  - 5
AJW - Apr 17, 2008
- Rank: not rated yet
The act of theft is always the Key cause
of that theft and fraud.
"At the same time, 88 percent of the 800 people interviewed in the U.S. and the U.K. for the survey by the Accenture consultancy, which is to be released Thursday, said personal irresponsibility is the key cause of identity theft and fraud."

P.S. Where is that password and biograph
chip to plant in my brain?
- report abuse
- - Current rank
  - 1
  - 2
  - 3
  - 4
  - 5
ontheinternets - Apr 17, 2008
- Rank: 5 / 5 (1)
I suggest keeping passwords on paper, perhaps in two locations. This is because these cannot be retrieved by a remote attacker online by any means (unless you point a webcam at them, but that's just silly).

For some further level of security, do not write down what each password is for, do not write down your login name, and for further protection, encode them with a simple trick (ie. begin at a certain offset and rotate, jump through characters in a known set pattern, shift your hands on the keyboard by a char or two, etc.). Yes, this is security by obscurity - but that is an Achilles heel for algorithms for wide and generalized application rather than ones for personal use. If you find that your passwords have fallen into someone else's hands, then use your other copy as a means to login and make new ones.
- report abuse
- - Current rank
  - 1
  - 2
  - 3
  - 4
  - 5

Other News

San Jose police mount cameras on officers' heads

Technology / Hi Tech

1hour ago | not rated yet | 1

(AP) -- Grainy cell phone images are often used against cops accused of using excessive violence. Now, officers are being armed with their own cameras.

Hearing assistance comes to the home (w/ Video)

Technology / Engineering

4 hours ago | 5 / 5 (1) | 0

(PhysOrg.com) -- European researchers have combined state-of-the-art technologies to help end the isolation suffered by the hearing impaired. End users are eager to get their hands on the suite of tools.

Moving video to 'captcha' robot hackers

Technology / Computer Sciences

4 hours ago | 3 / 5 (1) | 0

We see the popular "captcha" security mechanism often ― wavy letters websites ask us to type into a box. It's used by web pages and newsletter sign-up forms to prevent computer robots from hacking into servers and databases. ...

Nokia expands patent dispute beyond Apple iPhone

Technology / Business

2 hours ago | not rated yet | 0

(AP) -- Nokia Corp. is broadening a legal dispute it already has with Apple Inc. over the iPhone, saying almost all of the company's other products also violate the Finnish phone maker's patents.

A man passes through a high-tech explosive-detection machine at John F. Kennedy airport in New York

After foiled US plane attack, scanners revisited

Technology / Other

10 hours ago | 5 / 5 (1) | 0

As US lawmakers demand to know how a would-be attacker smuggled explosives aboard a plane on Christmas Day, the use of body scanners at airport security points is likely to be revisited.