Tuesday, July 30, 2013

Multiple Usernames and Passwords


Week 9 Blog
This week I wanted to take a minute to talk a little about passwords and what some large companies are offering to make things easier on users. Keep in mind, though, that if it seems too good to be true, there are risks associated.
It seems like these days no matter what you do online, it somehow involves creating a user account with a username/password. Although this is a security practice that needs to take place, remembering different usernames and passwords for many different sites can become tedious, not to mention the aggravation of trying to get a password reset if the account gets locked out after so many failed attempts. Because of the vast number of websites requiring authentication, it’s no wonder many use the same username/password for all their different accounts.
To help simplify matters and make it easier on users, many large companies are offering a service that allows a user to log in to a certain site using the same credentials they use when accessing that same large company. For instance, Yahoo allows a user to log in with their Google credentials if they elect to. Or some music sites allow users to log in using their Facebook account credentials.
Although this eases the burden for many users who are either trying to remember several username/password pairs or using the same one everywhere, there is a risk. Because these credentials are linked to the various sites a user may visit, an attacker needs only to compromise one of the sites and retrieve the username/password, which would then give them access to all the other sites those credentials are linked to. For instance, if a user’s Facebook account is compromised and their username/password is obtained, all the sites associated with the account could then be compromised.
In a day and age where attackers tend to go after large databases to obtain users’ credentials, this could be like inviting the lion to dinner. With that said, most major companies like those hosting this type of service do have many protection levels to help secure an individual’s personal information, but remember: nothing is foolproof. It really boils down to confidence in the company and the risk the user is willing to take. So before a leap of faith is taken and one clicks to jump on board, just stop, think about it first, and then use your best judgment. It’s the least anyone should do when it comes to protecting their most important assets.
