Passwords on the Internet

I subscribe to the Malware Report, which is a security podcast provided by Eset, the makers of the great anti-virus tool that is NOD32. The recent episode spoke about social networking sites which ask you for a whole lot of information about yourself. It spoke about how ignorant users can give too much info about themselves, making them easily identifiable to not only spammers, but also stalkers, pedophiles, and other bad guys. One point made in that podcast that struck a chord with me was that many users, including yours truly until recently, was using one password for all my services. Same password for Hotmail to Gmail to forums to Paypal to online banking. I knew this wasn't the safest thing to do, but it was the convinient thing to do.

Coming to think about it more often, I realized that in our daily internet activities we leave a lot of info about ourselves online. Say you sign up for some new website that you came across. You go to the registration page, scroll down the "Terms and Conditions" page in the blink of an eye, and click "I Agree". The Malware report was talking about the terms of tagged.com, some social networking site, which basically says that it can do anything they want with the data that's being collected. This is dangerous stuff.

Back to talking about passwords, when you sign up, you key-in the same password that you use for virtually everything else, or a variation of it. You do not know how that particular site is going to be storing that data. Will they have it encrypted? Or will they have it in plain text? Even if the site owner's themselves do not have any malpractice in mind, if someone hacked into their database, they would be able to get your password.

Think it won't happen to you because you don't participate that much on the internet? A client of mine recently installed an intranet based payroll system from a reputable company, paying top dollar for it . When I had a look inside the SQL Server database of the system, I found the passwords of all the managers in plain text. Dangerous stuff. So always be protective of your passwords. Try to make them as complex as possible, although not complex enough that even you can't remember it. When this happens most people usually write it down in bright yellow post-it notes and stick it up on their monitors. As I said before, dangerous stuff.