Sunday, March 21, 2010

Too many people use crackable passwords -- a downstream liability issue for home users?


AOL offered its subscribers an article today “Top 10 Passwords you should never use,” link here.

Believe or not, some people have used “1” as a password.

The article also discusses what hackers typically do when they get access to a home personal computer (or a work computer for that matter). Most often that is to configure the computer for back-door entry later for use in botnet (often distributed denial of service) attacks. Other more sinister uses can be imagined, such as c.p.

Generally, the literature says that home users are not liable (at least criminally) for misuse of their machines by hackers, but the law could change in the future and more responsibility could be placed on users (such as an “Internet driver’s license”). Conceivably (as has happened a few times discussed on this blog) charges could be brought and the victim could, in a practical sense, be viewed as guilty until proven innocent and incur huge legal defense expenses.

At work, employers often hold associates and contractors responsible for misuse of their computers by outside forces (or even other employees – I remember an employer in the 80s with a strict “log off” policy on the mainframe). Employers often force associated to change passwords periodically and test them with password crackers.

No comments: