Matt Honan, a senior writer at Wired magazine, has written two recent articles on how several of his online accounts were hacked and taken over, with the loss of much personal data. As an advanced user of consumer technology and a keen observer of online developments, he offers insights and warnings that should carry much weight for the rest of us.
He discovered how much of the hacking was carried out by actually speaking with one of the perpetrators. Apparently, the door was opened for a series of intrusions by what is termed "social engineering", meaning that an interaction with a real person was used to deceptively acquire the needed private information. However, the devastating extent of the hack was made possible by his various accounts being linked. This allowed data discovered in one account to be combined with data found in another to compromise further linked accounts.
In the second article, Mr. Honan identifies the inherent weaknesses in the widespread use of online passwords as the central and fatal weakness in our online authentication infrastructure. He says that passwords, even very complex ones, can no longer protect users online.
He mentions the recurring loss and theft of online user ID and password files from organizations. Also, the near-universal use of an email address as a user name makes fraudulent use of the password reset procedure another easy route to compromising a personal account.
Malware planted on our computers can also send our data to other people. As more of our applications move into the cloud, many more of our important transactions, such as banking, emailing, and storing photos and documents, become even more vulnerable to hackers and thieves.
Mr. Honan says that what happened to him can happen to any one of us, and may become more frequent and widespread if users and providers don't start moving away from the over-reliance on passwords, and even backup questions, to provide security for our online activities.
But newer, more effective techniques may ironically require us to surrender even more personal information as we move to behavior-based identification and authentication, which will monitor patterns for anomalies that flag potential dangers. It may mean a substantial trade-off of privacy and convenience for better security. It seems like we don't win in this scenario, but at least we may not lose as big as Mr. Honan did.
Sources:
How Apple and Amazon Security Flaws Led to My Epic Hacking
Kill the Password: Why a String of Characters Can’t Protect Us Anymore