Why Passwords Are a Weak Cyber-Defense

Password-based log-ons are susceptible to being compromised in any number of ways. Consider a single threat, that posed by phishers who trick us into clicking to a site designed to mimic a legitimate one to harvest our log-on information. Once we have been suckered at one site and our password purloined, it can be tried at other sites.

The best password is a long, nonsensical string of letters and numbers and punctuation marks, a combination never put together before. Some admirable people actually do memorize random strings of characters for their passwords -- and replace them with other random strings every couple of months.

Then there's the rest of us, selecting the short, the familiar and the easiest to remember. And holding on to it forever.

I once felt ashamed about failing to follow best practices for password selection, but no more. Experts in computer security say that choosing hard-to-guess passwords ultimately brings little security protection. Passwords won't keep us safe from identity theft, no matter how clever we are in choosing them. ... Go to source