Online Security & Identity Theft
Each day computer users like yourself, log in to computers and websites that require information that will positively identify them to the authenticating system. In most cases that information consists of a user ID and a matching static, reusable password or personal identification number (PIN).
Unfortunately, this is also the least secure form of authentication available and the one most vulnerable to attack. Because remembering arbitrary information can be difficult, users often write their passwords down or choose passwords that have some meaning to them, such as the user's birthday, name, nickname, spouse's or pet's name, etc. and can therefore be guessed. Commonly used words can be discovered using dictionary attacks while in the case of numeric passwords, brute force attacks can discover it.
Encryption not always effective
In addition, use or transfer of this identifying information creates security risks for several different reasons. While traveling over a network, the information could be intercepted by unauthorized individuals who can subsequently use it to assume your online identity and illegally obtain access to personal or financial information. The use of secure communication protocols improves security by encrypting the information being transmitted, making it virtually impossible for others to use such intercepted information. Generally, secure communications can be identified by the letters https:// in front of the website address and a closed lock symbol in the status bar of your browser. Unfortunately many authenticating systems do not use secure protocols, leaving your personal information vulnerable to attack.
Increasing threat of spyware
The most significant security problem however is the growing threat of spyware and particularly key loggers, software that is installed on your computer without your knowledge or approval and that captures the information you type on your keyboard.
Even if you are logging in to a secure website, where communications between your computer and the website are encrypted, the presence of this type of software is not going to provide any security at all, as your information has already been captured while you were typing it, before it was encrypted.