Tuesday, October 12, 2010

Why you shouldn’t use the same Username / Password on many sites.

Are you guilty of using the same user name and password on every site where you have an account? If so, you really should not be doing this.

Consider the following scenario:

You create a new account at SiteXYZ.com using your typical user name and password. SiteXYZ.com stores user names and passwords in its database as plain (unhashed) text.

Now suppose SiteXYZ.com gets hacked and the attacker gains access to the user and password information (which is stored in plain text), or the owner of SiteXYZ.com is an unscrupulous individual who is simply harvesting login information from people creating accounts.

The person who now has the user and password information starts trying it on common sites (such as Google, Yahoo, Facebook, Twitter, etc.) and on online banking sites.

So in the above situation, if your Facebook account used the same user name and password as SiteXYZ.com, your account is now compromised. Worse yet, think about what could happen if that person was able to get into your online banking site…

Of course, some accounts are more important than others, but at the very least you should make sure your most important accounts have a unique password.
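
One way to check your own accounts for the reuse described above, as an added example that is not part of the original post: the script groups the entries of a password list by password and reports which important accounts share one with another site. The account list, the site names other than SiteXYZ.com, and the `find_reuse` helper are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample data: (site, user name, password, is this a high-value account?)
SAMPLE_ACCOUNTS = [
    ("SiteXYZ.com", "jdoe", "Summer2010!", False),
    ("facebook.com", "jdoe", "Summer2010!", True),
    ("bank.example", "jdoe", "Summer2010!", True),
    ("forum.example", "jdoe", "c0rrect-horse", False),
    ("mail.example", "jdoe", "x9$Lq7!vTz", True),
]


def find_reuse(accounts):
    """Return one finding per password that is used on more than one site."""
    # Compare keyed digests rather than the passwords themselves, so the
    # grouping table never holds plain text. The key lives only for this run.
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for site, _user, password, high_value in accounts:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append((site, high_value))

    findings = []
    for members in groups.values():
        if len(members) < 2:
            continue  # unique password: a leak elsewhere does not expose it
        findings.append({
            "sites": sorted(site for site, _ in members),
            "high_value_exposed": sorted(s for s, hv in members if hv),
        })
    # Worst first: the groups that put the most important accounts at risk.
    findings.sort(key=lambda f: len(f["high_value_exposed"]), reverse=True)
    return findings


if __name__ == "__main__":
    for finding in find_reuse(SAMPLE_ACCOUNTS):
        print("Shared password on:", ", ".join(finding["sites"]))
        print("  change first:", ", ".join(finding["high_value_exposed"]) or "(none)")
```
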
