The authentication that is required by multiple servers and services means that we are constantly entering passwords for access to our domain, to other domains, to resources, to applications, to Internet sites, to Internet authentication services like Microsoft Passport, and so on. At the very least, passwords and your usernames can be challenging to remember, and at worst they can offer an avenue for someone with criminal intent a means to use your credit card and to even adopt your online identity. We have all heard stories about how easy it is to have our identity hijacked, and it is a serious problem. There are however strategies that you can use that will help make it harder for the bad guys to get you.
Your first line of defense is to use a password that isn't a name, word, or meaningful date, and to change your password on a regular basis. This can minimize the amount of damage anyone can do. Do the AOL thing and put two words together, or substitute letters for numbers and visa versa. Consider having a set of passwords that go from a very specific privilege like logging you onto eBay to another password that is used for a particular credit card. Since credit cards are a particular problem, it's a good idea to limit your usage of credit cards online to one or perhaps two credit cards.
A recent book called "Hack Proofing Your Identity in the Information Age" by Terry Bidwell and Syngress Press (ISBN 1-931836-51-5) describes this problem and potential approaches
Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.
This was first published in August 2002