Good Bye Username and Password

What more appropriate time to talk about the Trick or Treat of usernames and passwords than Halloween?
There isn’t a damned thing safe anymore in cyberspace. Each day’s
news brings another horror story. Business and government are pushing
aside the Russian mafia in efforts to remain #1 in giving away the
Ellen Nakashima reports in the Washington Post:

have been breaking into customer accounts at large online brokerages in
the United States and making unauthorized trades worth millions of
dollars as part of a fast-growing new form of online fraud under
investigation by federal authorities.

E-Trade Financial Corp.,
the nation’s fourth-largest online broker, said last week that
“concerted rings” in Eastern Europe and Thailand caused their customers
$18 million in losses in the third quarter alone.

just the losses in the online brokerage business and, if past
experience is any indicator, the actual amount gone south is probably a
multiple of that 18 mil. The banking industry won’t tell us what hacker access into private accounts costs, lest we send back those juicy and profitable credit-cards that access our bank accounts. Juicy as in ‘juice,’ the mobster moniker for excessive interest, but that’s another story.
Allowing the banking industry to charge 18 to 36% interest when the
prime rate is 8.25% would presume, at the very least, a level of
credit-card security that simply is not there. Nakashima further reveals:

scams typically begin with a hacker obtaining customer passwords and
user names, experts said. One way is by placing keystroke-monitoring
software on any public computer in a library, hotel business center or
airport. With the software, all keystrokes entered on the computer can
be recorded and e-mailed anywhere in the world.

said all hackers have to do is wait until anyone types in the Web
address of E-Trade, Ameritrade or another online broker, and then watch
the next several dozen keystrokes, which are likely to include
someone’s password and login name.

The hardware we have come to depend upon, such as

  • Cell phones
  • BlackBerry type wireless communicators
  • Laptop computers

and a plethora of soon-to-be-announced extensions of our cyber-lives are putting us increasingly at risk.’s Special Report on Cyber Crime lists a dismaying number of subject titles

  • FBI: Companies Need to Report Cyber Attacks: An assistant
    director of the FBI’s New York City bureau tells IT security
    professionals that more needs to be done to report hacking and other
  • Phishers Target Financial Institutions: Experts say phishing schemes remain an extremely troubling threat, specifically for financial services companies.
  • Is the Botnet Battle Already Lost?: Botnets have become a big underground business, and the security industry has few answers
  • Botnets Are Taking Over the World: In this eWEEK Podcast:
    Botnets are taking over the world; Microsoft shuffles Windows division
    deck and makes changes to Vista to appease the European Union and South
    Korea; Peter Coffee says some of the smartest people in the world are
    working for the Dark Side
  • Cyber-Thieves Targeting Smaller Retailers: As large e-commerce
    sites pour millions of dollars into security and enterprise-league
    hardened POS systems, cyber-crooks have been giving more attention to
    much smaller and less well-protected merchants.
  • Googling for ATM Master Passwords: Using clues obtained from a
    YouTube video and a simple four-word search engine query, a criminal
    can find step-by-step instructions on how to hack into and take control
    of thousands of cash-dispensing ATMs.
  • Hackers Hit AT&T System, Get Credit Card Info: About 19,000 customers of the telephone company’s online store are affected by a weekend computer break-in.

None of which is likely to increase your degree of confidence.
Usernames and passwords only suggest security
and keep out the riff-raff. In the meanwhile, a multi-billion dollar
worldwide theft business thrives that puts the old bank-robbers to
shame. John Dillinger is famous for saying, when asked why he robs
banks, “because that’s where the money is.” These days the money is elsewhere and can be taken without guns, getaway cars or even risk.
There are solutions. Google Checkout has just introduced a secure method by which they keep your credit-card info and all their registrants need do is hit the Google Checkout logo to purchase safely from online retailers who offer the service.
Which is a sort of just-in-time solution for the more than 50% of web browsers who are afraid to actually buy online for fear of credit-card fraud. 
Other solutions are more disruptive, as well as expensive. It is possible to encrypt almost
anything, including keyboards, so that keystrokes cannot be monitored.
Passwords to boot up a laptop or PC can be encrypted as well. Thus a
stolen or lost machine could (presumably) not be accessed, at least by
casual means.
Ultimately we’re looking at the demise of usernames and passwords. The
bigger question is how spectacular the losses must become before
industries change or consumers junk it all and start to pay with cash.

The cashless society may not be as close as the banking industry would like.

1 thought on “Good Bye Username and Password”

  1. Never truer words spoken.
    But the consumers aren't the only ones that fear on-line credit card fraud. E-Commerce merchants are fearing it more and more too. After all, on-line merchants bear the costs of on-line fraud, not the issuing banks, not the processors that are claiming to do the fraud screening; not even the credit card companies.
    At we have over 3000 E-Commerce merchants that hear horror stories almost on a daily basis in the email alerts we send out.
    And speaking of goodbye username and password… start saying goodbye to swiping a credit card and entering a PIN or signing your name. RFID cards will be coming to a store near you in the near future. Some have the technology in place already – so the consumer can save about 10 seconds on a transaction. Nice in theory except that the bad guys can read those cards while they're still in your wallet or purse. The card companies deny it but the security companies that test the technology have proven otherwise – time and time again.
    The card companies' rationale for pushing the technology? It's that 10 seconds of time savings for the hapless consumer that has them and the fact that consumers tend to spend more with them because it's so easy! At Merchant 911, there seems to be a consensus that when the cards are delivered to us as cardholders, we'll put 'em in the microwave for about 15 seconds and fry that damn RFID chip so they can't be read by anyone within a few feet of us.
