Many people using the Internet today have moved beyond the problem of simple passwords like 'fred' being common. In fact, when 34,000 MySpace usernames and passwords were compromised and leaked back in 2006, some interesting trends were noted.

  • Over 80% of the passwords were over six characters
  • 81% contained both letters and numbers
This is encouraging, however another danger still exists with these secure passwords. Many people will have a long, complex password; but then they use it on a variety of sites. Few people realize just how much is in jeapordy by this behavior. We will now take a few minutes and look at the case of a user called Todd. Todd doesn't actually exist, but he could be any one of the millions of users on the web today.



Todd is fairly new to the web, but he is learning more each day. One of the first things he was told was to have a nice, long password for his important sites. He made sure to use this for his bank and for his online mail account. What could need more security than those two items? Time went on for Todd and the number of sites he visited grew each day. For a while, he kept a notebook of logins for different sites but eventually this became too cumbersome. He eventually settled on using his secure password and one other variation for pretty much everything. In fact, Todd has just signed up for a new online community site called MyNewsZ.com. When he made his account, he gave them the same email address he's been using since the beginning. When it came time for the password, he flipped a coin in his head and landed on that same password he used for his bank and his email address.

A few weeks later, MyNewsZ.com is concerned. A user on the site found a security problem and notified the company. After investigating, they discover this problem could be used to get user account information from their system, including email addresses and passwords. The site owners have the software upgraded and the server logs checked. The logs are limited and nothing jumps out as being too unusual, so everyone assumes they dodged a bullet and go on with their business as usual.

Unfortunately, the user who alerted the company was not the first to find the problem. Another user found the problem several weeks earlier and had no qualms about using it to his full advantage. With a few simple commands, he gets a list of several thousand accounts and passwords and is gone without a trace. The first thing this person does is test each email address with the password used on the site. He is delighted to find that over 75% of the people used the same password for both the site and their email address. After that, he begins looking for interesting items in each person's inbox. When he comes to Todd's, he is delighted to see online banking statements. Hoping his luck continues, he goes to the banks website and gives Todd's email address and password as login credentials. Thoughts of an eBay spending spree fill his head as he looks over Todd's bank accounts now in his control.



The cause of this whole problem is the repeated use of a single password. The only way to prevent this is the consistent use of new passwords for new accounts. Paper & pencil as well as spreadsheets have both failed in this regard time and time again. The solution is an easy to use, portable password manager that actually simplifies things for you when used properly. Xizzo is this solution.

Xizzo.com
4015 S. McClintock Drive - Suite 106
Tempe, AZ 85282

© 2004-2009 Xizzo.com, All Rights Reserved.