It would be nice to imagine that if the various contenders for “inventor of the password” had known how much of a hassle its computer variety would end up posing centuries later, they would never have bothered. Or maybe that inventor – perhaps a Gileadite or Roman soldier – just didn’t care about the tradeoff between security and convenience that would plague us in the internet era. Either way, the legacy of the military watchword is here to stay.

Quipping aside, the routine works like this: you sign up with your username and password that only you know, and you’re golden. To log in again, you just need to recall and input your login credentials. Of course you knew this would happen, so you took some “precautions”: you set up the account with an easy-to-remember password.

And therein lies the problem. “Easy-to-remember” most often equates to short and simple, as well as easy to guess. That’s especially true when the guessing is done by password-cracking software doing the bidding of an operator intent on brute-forcing his way into your account. Such software can open the trove of treasures just as magically as the phrase “Open Sesame!” does with the mouth of a cave in a well-known folk story.

On the flip side, a password that is long, complex and random is harder to crack, but also harder to remember. And therein lies the problem (yes, again!). Recalling many impossible-to-guess passwords and being able to remember to which particular online service each belongs is just too much of a tall order, unless you have the memory of an elephant.

Indeed, passphrases – say it with me, “I LOVE to Read WeLiveSecurity!” – may help both in terms of security and convenience (the latter being simply a proxy for memorability). However, is it reasonable to expect every user to remember a distinct passphrase or password for each and every online account?

Something’s got to give

What many people do – at least those who are not elephants – is skimp on their security, use an atrocious password (“123456”, anyone?) and go on their merry way. Until their accounts are hacked and their online personas are compromised or, worse, their identities and money are stolen. After all, it is human nature to disregard risk until disaster strikes.

