Your email. Your bank account. Your address and credit card number. Photos of your kids or, worse, of yourself, naked. The precise location where you’re sitting right now as you read these words. Since the dawn of the information age, we’ve bought into the idea that a password, so long as it’s elaborate enough, is an adequate means of protecting all this precious data. But in 2012 that’s a fallacy, a fantasy, an outdated sales pitch. And anyone who still mouths it is a sucker—or someone who takes you for one.
No matter how complex, no matter how unique, your passwords can no longer protect you.. (Wired Magazine: Kill the Password: Why a String of Characters Can’t Protect Us Anymore)
In a shocking article written by a person who can only be called a computer superuser, he explains why Internet security has finally become a myth
First off, most of us commit fundamental mistakes with passwords. Some people even use "password" or "123456" as their password. This means the bad guys hardly even have to guess. They'll try those first and be correct often enough to make it worth their while.
We're told passwords need to be long and random and include upper- and lower-case letters, numbers, and even punctuation to be safe, but with the processing power available using today's personal computers, cracking even elaborate passwords is possible.
And even where a password is long and effective at thwarting even automated guessing, the bad guys can simply get on the phone and trick a customer service person into giving it up. All they need is one or two facts about you. Sometimes the bad guys bluff their way into an account with no information at all! They change the password and then rummage around for information they can use to bluff their way in more easily to some of your other accounts.
One mistake many of us make (and sometimes are forced to make) is to log into some site using our Facebook or Twitter login. This linking of accounts has made it much easier for the baddies to take over or modify to their benefit everything you value online, obtaining credit card numbers, your bank account login and pin, If they are pranksters, they could log into your Facebook account and leave offensive racist or sexist posts.
Back to passwords for a sec. The usual advice was not to reuse passwords on multiple sites and to make them long and hard to guess. They also told us not to write them down. I'm reminded of that poster you often see in print shops: "You want it good and cheap and fast? Pick two and call me back." Even one long and elaborate password would be hard to recall without writing it down, but most of us have at least a half dozen sites requiring passwords. It's become impossible to follow the best password advice.
But what about fingerprint or iris scanning? They have a big problem. There are ways to copy and use them. If a crook or prankster figures out how to duplicate your fingerprint or iris pattern, you're screwed. At least you can change a password.
Even if all that stuff worked, there are so many ways to go around the front end straight to back end of a computer system. A baddie can install software to record information over a period of time that could be short or long and then use that information to the detriment of one or hundreds of thousands of people. For example, it could collect credit card numbers given to an online merchant and then sell them to the highest bidder or, if he's a prankster, dump them on any of the sites where password trading goes on.
You can find out more about this topic by pursuing the link following the italicized paragraphs at the top.