Sunday, May 1, 2011

On websites storing passwords...

     Many sites, especially the ones with a 'social' angle, ask for usernames and passwords of your other accounts like Gmail and Facebook, so that they can leverage the contacts you have already formed on those sites. These sites that ask for usernames/passwords conspicuously mention that they don't store your passwords for the other accounts. However, I have seen no site conspicuously mention something like 'We do not store passwords you entered on *unsuccessful* login attempts at our site'.
     Of what use would an incorrect password be to a site/organisation? Well, none, if the site is 100% professional and ethical. Otherwise an incorrect password can prove to be quite useful. For a user, an incorrect password for one site might be the correct password for some other! Thus, if a site has accumulated enough incorrect passwords entered by a particular user, chances are that they can successfully log in to other sites using the user's username and one of those incorrect passwords! Now that's bad, isn't it?
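As an added illustration (not part of the original post), here is a sketch of how a site could keep its failed-login records free of the submitted password: the handler logs only the username and the outcome, and a logging filter scrubs password-like fields as a safety net. The account store, function names and log format are hypothetical.

```python
import hashlib, hmac, logging, os, re

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account store: username -> (salt, password hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

class RedactSecrets(logging.Filter):
    """Safety net: scrub password-like fields from every log line."""
    # Passwords may contain spaces, so drop the rest of the line.
    PATTERN = re.compile(r"(?i)\b(password|passwd|pwd)=.*")

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = self.PATTERN.sub(r"\1=[REDACTED]", record.getMessage())
        record.args = ()
        return True

class ListHandler(logging.Handler):
    """Keeps formatted log lines in memory so they can be inspected."""
    def __init__(self) -> None:
        super().__init__()
        self.lines: list[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))

log = logging.getLogger("auth_example")
log.setLevel(logging.INFO)
log.propagate = False
_handler = ListHandler()
_handler.addFilter(RedactSecrets())
log.addHandler(_handler)

def login(username: str, password: str) -> bool:
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    ok = hmac.compare_digest(_hash(password, salt), stored)
    # Record who tried and the outcome; the submitted value is never written.
    log.info("login user=%s result=%s", username, "ok" if ok else "fail")
    return ok

def careless_debug_line(username: str, password: str) -> None:
    # The kind of line that leaks wrong guesses; the filter scrubs it.
    log.info("bad login user=%s password=%s", username, password)

def logged_lines() -> list[str]:
    return list(_handler.lines)
```

The filter only covers this application's own log lines; request bodies captured by proxies, web server logs or error trackers need the same treatment.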
     One of the reasons people use the same password everywhere, or even use simple passwords, is that strong passwords are difficult to remember. In addition, there is this innocent-looking advice that they are trying to follow: 'Never write your password down'. In fact, the advice should sound like this: 'Never write your password down where someone could easily find it.' Carrying the list of passwords in one's wallet is worse than having a weak password. However, keeping the list in a decently safe locker is way, way better than using weak passwords all over the Internet.
