Chapter 35. No Death for the Password

Passwords suck. There are all sorts of problems with them:

  • Simple passwords may be easy to remember, but they’re also easy for automated systems to guess.

  • Lots of people use one or two passwords for all their accounts, or have similar bad password practices that increase their risks.

  • If you try to do the right thing and use different passwords everywhere, it’s easy to forget important passwords, particularly the ones you don’t use often.

  • If you use a program to remember your passwords, you now have one very important password. When you need to log in from a friend’s machine, you might be in trouble. And you can be in a horrible position if you don’t keep backups and your computer dies.

  • If you use a program to remember passwords and you leave your computer unattended, people may be able to just sit down and access your accounts.

  • In many cases, your passwords can be snooped when you use them. It could be malware running on your computer and logging your password, or it could be malware on your coworker’s computer, looking for passwords on their way to the Internet.

  • Passwords make it risky to use other people’s machines to access the Internet, because who knows what kind of keylogging malware is installed? For instance, when I go to a conference or into the Apple Store, they often have machines for accessing email, but I refuse to use any password.

  • Password recovery systems often increase risk. It’s not tough to find out my mother’s maiden name or to find ...
