We Are Doing Security Wrong

My friend’s email password was compromised. Is he the weakest link? Possibly, though recent personal experience shows he may have been sold out by the companies he deals with.

One of my former co-workers wrote me this morning under the subject: “VERY URGENT!!!!!Help & a favor.”

I really hope you get this fast. I could not inform anyone about our trip, because it was impromptu. we had to be in Turkey for Tour.

OK — it didn’t come from my friend. It was just made to look like he is writing.

i will be indeed very grateful if i can get a short term loan from you ($2,600). this will enable me sort our hotel bills and get my sorry self back home.

I didn’t follow up. Had I replied I would have been led to send the money via Western Union in a way that’s untraceable.

These emails go out because people fall for them!

passwordMy friend’s email password was compromised. Is he the weakest link? Possibly, though recent personal experience shows he may have been sold out by the companies he deals with.

Yesterday eBay asked me to reset my password because of their security problems. This follows Target’s faux pas which led to our credit cards being reissued (and the hassle that followed).

Companies screw up, but I’m obligated to help clean their mess.

In most cases, if a hacker gets hold of your email account he’s got everything! Passwords can be reissued and ownership of a specific email account is all the ID you need!

This is crazy.

Google and a few others have begun offering 2-step verification to cut back on fraud. I tried Google’s offer and switched back. It was an incredible hassle.

Passwords were good protection when the Internet was young and its users mostly trustworthy. That’s no longer the case. We live our lives online. We need a better way.