Opinion: Culture of indifference plagues password security
I strongly suspect I'm being hypocritical again. When asked about the difference between passwords and super-duper high-security cryptographic authentication protocols, I can wax quite lyrical about how tools such as L0phtcrack have made the password a thing of the past. I will stand with my consulting colleagues and explain that the fast-paced demands of the modern e-commerce-enabled business world have rendered cryptographic authentication a bare minimum.
There. Can you tell I was trained by management consultants?
Compare and contrast this with my attitude toward credit cards. I'll happily give my credit card number out over the phone, give it to unknown waiters who promptly vanish into a back room, or even leave carbon copies of Visa invoices with market traders. All terribly dangerous behavior, I'm sure you'll agree. It's a wonder how I've managed to avoid being on the receiving end of some nasty credit fraud. No doubt every card-fraud professional reading this is drawing in their breath with a little 'tsk' noise and knowingly saying to themselves that it's only a matter of time before the statistics catch up with me.
Flirting With Danger
It's not just my lackadaisical approach that's to blame here: Retailers seem to be equally careless. I've been conducting a little experiment during the past six months, ever since I first noticed that the signature on my credit card was so worn as to be completely illegible. I was going to get a new one, but then my curiosity began to get the better of me and I decided to see how long I could get away with a card that could belong to just about anyone.
In six months, I've been questioned five times, and I've never had the card refused. Four people asked to see another copy of my signature, so I showed them the signature on the back of another card. The fifth person went that little bit further and made a basic check to see if the names on the two cards matched. I'm told that we're much more conscientious about credit card security in Europe than in the U.S., so I can only guess at how easy card fraud is over there.
This squares quite well with a piece of research conducted a few years ago to test how well photos on credit cards worked. The researcher split a team of students into three groups and gave each of them new credit cards with identification photos on them. One group had cards with their correct photos on them; the second group had cards with photos of random people; the third group had cards with photos of famous or infamous people -