"You've got three chances to remember what you did," he said. When he couldn't, the site blocked him and he was forced to fly another airline.

Password management has become such a problem that it has spawned a small technology sub-industry.

Dozens of companies such as Siber Systems Inc. in Fairfax make software that consolidates various passwords under a single master password. Siber Systems, for example, has a program called Roboform that automatically unlocks all the sites users visit, by consolidating all log-in information into one master password. (Even password management has its limitations. If users forget the master password, they're simply out of luck and must re-register.)

Sites like Bugmenot.com have surfaced in response to the frustration of having to register for an account just to read a news story, for example. That site lists generic usernames and passwords that anyone can use to gain access, as well as a system that allows users to note whether the name and password worked or not, keeping the list fresh.

Many users permit Web sites to send cookies, or small bits of identifying information, back to the computer so the site remembers when a registered user returns. Many password-protected sites also anticipate the need and offer "forgot your password?" links that e-mail the password, or send a new one, to the user's e-mail address.

In the future, biometric markers such as fingerprint scanners -- some of which are on newer computers -- might solve the problems of password protection, some security experts say.

Acquiring someone's password by masquerading as someone who has forgotten one is often the pretext criminals use to obtain private information -- a major security problem that's entered the limelight in recent weeks.

Password fatigue has created a rich environment for identity exploitation, said Robert Douglas, an information security consultant. Reinstating customers like Gammel -- rightful users who get blocked from accounts after failing to enter the correct password -- creates a problem for companies, which then need to authenticate a customer's identity through other means.

"Look: I can't remember all these PINs or passwords, and I'm about to get on a plane," a criminal might say to a call-center operator to cajole them out of a password, said Douglas, a former private investigator who researches non-technical methods people use to hack into private information. Often, the only additional information the hacker might be required to provide is easily obtainable biographical facts like the last four digits of the account holder's Social Security number, or their mother's maiden name, he said.

"We live in a generation that wants instant access, and they want it yesterday," he said. "Companies don't want to anger a real customer" who might have forgotten a password, he said, but in accommodating that request, they might be giving information to a criminal.




© 2006 The Washington Post Company