An attacker can gain
access to multiple assets of yours all at once. This attack does
not even need to set up a phishing scam to be successful. An
attacker may simply run a low-value service and try to reuse the
credentials saved in his user store to see whether they are suitable
for accessing higher-value services. Another consequence
Credential proliferation
makes life
dif?¬?cult for users
The same password
is often used with
many different sites:
Once stolen, access
to all the sites is
compromised
Passwords: Ascent and Decline 35
is the low tolerance for the act of typing in credentials. Because
we have to do it so often, we welcome whatever shortcut can
save us the hassle regardless of the risks it involves. Persistent
cookies and automatic form ?¬?llers are good examples. Although
they are not necessarily a bad thing per se, they can blur the line
between authenticated and unauthenticated sessions and promote
careless behaviors.
The list could go on and on. Perhaps the worst thing is that being
far from our cozy local network exposes our data to all the
tricks in the book: that is to say, all the attacks described in
???Malware and Identity Theft??? and more.
Pages:
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84