Yahoo recently reported the theft of some 400,000 user names and passwords to access its website, acknowledging hackers took advantage of a security vulnerability in its computer systems.
The Mountain View, California-based LinkedIn, an employment and professional networking site which has 160 million members, was recently hacked and suffered a data breach of 6 million of its clients and is now involved in a class-action lawsuit.
These sites did something wrong that allowed those passwords to get hacked. However passwords themselves are too hackable. If multi-factor authentication was used in these cases, then the hacks may be a moot point and the hacked data useless to the thief.
"2,295: The number of times a sequential list of numbers was used, with '123456' by far being the most popular password. There were several other instances where the numbers were reversed, or a few letters were added in a token effort to mix things up."
"160: The number of times '111111' is used as a password, which is only marginally better than a sequential list of numbers. The similarly creative '000000' is used 71 times."
Second: spyware, malware and viruses on a user’s device can easily record passwords. Which means this username (which is often a publicly known email address) and password is easy to obtain from an infected device.
The numerous scams which entice users to cough up sensitive data is a proven con that works enough to keep hackers hacking.
Multi-factor authentication, which your bank uses is far better and more secure and it requires a username, password and “something you have”—a personal security device separate from the PC
While additional authentication measures might be a burden to some, it’s a blessing to others who recognize the vulnerabilities of their online accounts otherwise.