That Password I Ate Last Night is Repeating on Me.

I got nervous recently about passwords on the Internet. If you know me, you know that I am not like that – in fact, I laugh at people that are so paranoid. But listen, I know that I used to use the same password for almost everything (except financial data – which had a different password. But they, too, were the same for all Internet financial sites.) My problem lies in the fact that I, as well as many, do in fact use the same password for all the sites they register to, for all of the services like AIM, email and more. This is crazy when you think about it.

What if the creator of the site wasn’t as good hearted as I would expect him to be? What if he didn’t (alert: computer dork speak) hash the password into the database using something like an MD5 hash or even a secure algorithm like RSA? What if he, instead, stored the password as a plain-text word in his database? Well he, or anyone working on the site, would have access to that password. That’s kinda scary. I can’t vouch for the many sites that are around. I only trust myself with my one financial password. I am hoping that I do not cross a less than honest financial website.
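To make the storage question concrete, here is an added example (not code from this post) showing what someone with read access to two sites' databases would see when the same password is kept as plain text, as an unsalted MD5 digest, and as a salted scrypt record. The password, the site names, the function names and the scrypt cost parameters are assumptions made for the illustration, and salted scrypt is a substitute chosen here for the algorithms named above.

```python
import hashlib
import hmac
import os

# Constructed sample: one person reusing one password on two hypothetical sites.
PASSWORD = "correct horse battery staple"
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # cost parameters, assumed for this example


def store_plaintext(password):
    """Plain-text storage: the row holds the password itself."""
    return password


def store_md5(password):
    """Unsalted MD5: a fast digest that is identical wherever the password is reused."""
    return hashlib.md5(password.encode(), usedforsecurity=False).hexdigest()


def store_scrypt(password):
    """Salted scrypt: a fresh random salt makes every stored record unique."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return salt.hex() + "$" + digest.hex()


def verify_scrypt(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = record.split("$")
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def database_rows(store):
    """What someone with read access to site A's and site B's tables would see."""
    return {"site_a": store(PASSWORD), "site_b": store(PASSWORD)}


if __name__ == "__main__":
    for name, store in [("plaintext", store_plaintext), ("md5", store_md5), ("scrypt", store_scrypt)]:
        rows = database_rows(store)
        print(f"{name:9} same on both sites: {rows['site_a'] == rows['site_b']}")
        print(f"{'':9} site_a row: {rows['site_a']}")
    record = store_scrypt(PASSWORD)
    print("correct password verifies:", verify_scrypt(PASSWORD, record))
    print("wrong password verifies:  ", verify_scrypt("not the password", record))
```

Only the salted records differ between the two sites, so a reused password is not visible as a matching value across their databases, while the site can still check a login.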

I guess my warning is this: if you are going to keep the same password for everything, then PLEASE change it at least once a year… if not more frequently. If someone found out your password, they could get basically anything they wanted. What led me to also worry was the fact that my screenname is available on most sites: floundies. So my username is the same on almost any site that I need to log on to (90%). That’s already giving any hacker 1/2 of the information that they need! It is for this reason that I have started changing my passwords around every 2 months. Hmmm. This sucks.

This still leads me to want to create an Internet-wide username database. It’s a way of securing your *one* identity and would be used in a standardized fashion. You could change one password instead of changing 100 passwords. Shit like that. It’s a good idea, but practically infeasible. There’s no way of getting *every* site involved in this idea. At least I can’t think of any. I liked what Microsoft was trying to do (yes, I know… it is MS) with their Passport idea – it is something of the same idea. It kind of died down, but I thought it was neat. I only wish it was on a username basis and not on an email-as-username basis. Ho hum.
