Traditionally, we confirm that we are who we say we are online by providing the websites we use with a username and password. But does this make it easier for phishers and fraudsters to steal our identity? At the moment, this depends on us, or rather, how good our memory is.We all know what we should do for username and passwords (unique, impersonal, complex, ever-changing and memorised) but few people can remember dozens of different complex passwords and so resort to writing them down, using the same password for everything and making it extremely easy to guess. In short, we make it too easy for hackers to acquire our login details.
Those of us with complex passwords often render their complexity void by using the same password for multiple sites because we think it's safe. In reality, we're giving hackers a ‘buy one, get 24' free deal. They only need to trip us up once to get access to all of our online data. However, even with our complex password, unique each website, we are tripped up by keyloggers and Trojans that infect our PCs and give away our secrets.
Even the forgotten password process is flawed. Once they know a few answers to our secret questions, hackers can get into our email. So that someone who has the secret question of "What primary school did you go to?" can be caught out by the information in their Facebook profile.
Banks and online retailers have started to tighten up security in an attempt to reduce fraud, but these attempts often present their own security challenges.
The "Verified by Visa" scheme, which aims to decrease card not present fraud, means the user has to remember more passwords for each card they have under the scheme, and is even easier to hack than online email accounts. All you need is the users' date of birth, again something that a lot of people tend to share on social networking sites.
A more secure method of online banking is being introduced by Natwest and Barclays, as well as a password, the account holder use a device which generates a random number in order to access the banks services. This is inherently much more secure because the hacker will need access to the device, but how practical is it?
Perhaps the future of online identity, and its security, lies in creating one passport style online account which allows us to access all websites that require a login. Whilst, this eliminates the need for us to remember reams of unintelligible passwords, it also comes with its own security risks and privacy concerns.
So we need to ensure that this logon comes with extra security requiring a token or maybe, if the technology can be mastered, biometrics. In the end, it does seem that username and password is causing untold problems.