#2. We've Put 500 Million Eggs in One Basket
In early December 2010, anybody who had ever interacted with a Gawker blog had their login details leaked to everybody. If you don't see what the big deal is, remember how many people use the same password on almost every site they visit. You can't blame them: today you might have three dozen sites you need logins for, and it's impossible for most people to retain that many passwords, even if they never change them. (Note: One trick is to use the same base password but vary it with something you remember about the site, so your Cracked password could be "eHttRfwu;estteBatman." The catch is that the moment one site leaks that password in the clear, anyone reading the dump can see the base and guess the Batman part for every other site you use, so a password manager that makes up a different random one per site is the safer bet. Gawker's dump was extra bad on this front: it stored passwords with the old DES-based crypt() scheme, which only keeps the first eight characters, so for that site the Batman part never even counted.)
No one expects the goddamn Batman.
The bigger problem is that we're moving in the opposite direction. People want one login that gets them into all of their favorite sites, and Facebook is there to give it to them. Many of you already use Facebook to log in to Cracked.
The danger, of course, is that if somebody gains access to your account on Facebook, he's unlocked your account and private information on every site you have or could connect to it.
Above: How most people handle online security.
As the number of sites that let you do this goes up, the jackpot payoff for breaking into the databases of these high-profile sites goes up with it. In an online landscape where sites can double and quadruple in size in a matter of days, it's going to be almost impossible for these sites to grow as quickly as the size of the target on their forehead. All it takes is one screw-up by a major content provider, such as AOL's infamous 2006 release of three months of search logs from hundreds of thousands of its users, or a compromise of a powerful employee, such as Facebook director Jim Breyer, whose account was taken over by spammers in May 2010, and they've just broken into more vaults than all the Ocean's Eleven movies combined.
Even if Facebook and other third-party login sites (such as Twitter) were built like brick houses against all the big, bad wolves the Internet can muster, there's still one ubiquitous point of failure that's already ingrained itself into the fabric of the Web: email.
You might have heard of it.
Not only does a hacker who gets into your Gmail, or worse yet, your Hotmail, now have the ability to reset every Internet account you've ever associated with it (possibly every account you've ever had), but if Google or Microsoft falls victim to any of the usual vulnerabilities, you and every other user of their service are up shit creek. And since most email accounts are concentrated in a handful of companies, "every other user" could number in the hundreds of millions.
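The cascade described in the last few paragraphs (Facebook unlocks everything that accepts "Log in with Facebook", and your email unlocks everything that sends password resets there) is easy to see once you draw it as a graph. The script below is an added example, not code from the original article or from any of the sites it mentions; the account names and the wiring between them are constructed for illustration, and the "phone" node (SMS reset codes) is an assumption the article does not discuss. An edge from A to B means "control of A lets you take over B".

```python
"""Which of your accounts fall when one is compromised (added example).

The graph below is constructed for illustration; it is not data from the
article. RECOVERS_VIA maps each account to the accounts that can be used to
get into it, either because it accepts "log in with X" or because it sends
password resets to X.
"""
from collections import deque

# Constructed example of how a typical person's accounts are wired together.
# "phone" (SMS reset codes) is an assumption added for the example.
RECOVERS_VIA = {
    "gmail":    {"phone"},              # reset code goes to the phone
    "facebook": {"gmail"},              # password reset goes to Gmail
    "cracked":  {"facebook", "gmail"},  # "Log in with Facebook", or reset via email
    "gawker":   {"gmail"},
    "bank":     {"gmail", "phone"},
    "phone":    set(),                  # nothing online unlocks the phone itself
}


def attack_graph(recovers_via):
    """Invert the table: for each account, which accounts does it unlock?"""
    unlocks = {acct: set() for acct in recovers_via}
    for target, keys in recovers_via.items():
        for key in keys:
            unlocks.setdefault(key, set()).add(target)
    return unlocks


def blast_radius(recovers_via, compromised):
    """Every account reachable from the compromised one(s), in BFS order.

    The first element(s) are the starting accounts themselves.
    """
    unlocks = attack_graph(recovers_via)
    seen = set(compromised)
    queue = deque(compromised)
    order = []
    while queue:
        acct = queue.popleft()
        order.append(acct)
        for nxt in sorted(unlocks.get(acct, ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return order


def root_accounts(recovers_via):
    """Rank accounts by how many others their compromise unlocks.

    Whatever comes out on top is the account that actually deserves the
    long password and the second factor, regardless of how boring it looks.
    """
    ranked = [(len(blast_radius(recovers_via, [a])) - 1, a) for a in recovers_via]
    return sorted(ranked, reverse=True)


if __name__ == "__main__":
    for acct in ("gawker", "facebook", "gmail", "phone"):
        print(f"{acct:9} -> {blast_radius(RECOVERS_VIA, [acct])[1:]}")
    print(root_accounts(RECOVERS_VIA))
```

Run it and the Gawker leak by itself unlocks nothing else (if the password wasn't reused), Facebook unlocks Cracked, and the email account unlocks everything except the phone. Swap in your own accounts and the ranking tells you where the real eggs are.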
#1. You Have to Give Access to Someone, and That Person May Hate You
The problem, in the end, is human nature. Even if some day we have computers that can outright scan our eyeballs to determine who we are before allowing us to click an icon, it won't matter unless they also can read minds. Every large system has to give access to a lot of people, and all it takes is for a single one of them to turn on us when we're not looking.
For instance, FBI Agent Mulder's password on The X-Files was "trustno1." Not a bad motto when it comes to computer security, both in the real world and one where the goalie from The Big Green turns out to be a vampire. (As an actual password it's terrible: it still shows up near the top of the most-common-passwords lists compiled from real leaks.)
But that motto should have extended to the shadowy government conspiracy Mulder was after. Here you have Mulder actively trying to bring them down, yet they continued to let him have a job that gave him access to the FBI's computer network and database.
That's not the stuff of fiction, either. Heard of WikiLeaks?
Consider the chain of events that led up to the information security meltdown of every major institution in the world: Because of some terrifying technical vulnerabilities that keep turning up on the Internet, the Department of Defense just plain built itself a separate, classified network called SIPRNet, which only people with a Secret clearance and a need for it can reach. Problem solved!
Well, after 9/11, suddenly we had tens of thousands of people working all over the world, needing to coordinate and share information. So access to this secret network was expanded. One of the roughly half a million people with access to SIPRNet was Bradley Manning, the disgruntled soldier who allegedly sent the secret military documents to Julian Assange and WikiLeaks.
Our military has lasers that can destroy tanks ...
His "hack" of the system apparently involved bringing in some rewritable CD-RW discs labeled as music. He'd stick them in the CD drive of his work PC, hum along as if he were listening to Lady Gaga and dump thousands and thousands of pages of classified documents onto the discs. No exploit and no malware required: the network trusted everybody who was already inside it.
But one of these and the tiniest bit of cunning imaginable can bring the whole government to its knees.
We're talking about maybe the single most well-funded and powerful organization in the world, spending millions creating its own freaking private Internet, all undone by human nature.
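There is a flip side to "all undone by human nature": a person pulling thousands of documents onto a disc leaves a very different trail than a person doing their job, and that trail is the thing an insider-threat program actually watches. The script below is an added example, not code from the article or from any government system; the log format (timestamp, user, action, resource) is an assumption, the sample lines are constructed, and the threshold of 50 distinct documents per hour is a placeholder that a real deployment would set per role from a baseline.

```python
"""Spotting a bulk document pull in an access log (added example).

The log lines are constructed for this example, not real data, and the
"timestamp user action resource" format is an assumption: any file server or
document system that records who opened what can be massaged into it.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(r"^(\S+) (\S+) (READ|WRITE) (\S+)$")
_BASE = datetime(2010, 3, 1, 9, 0, 0)


def _constructed_log():
    """Build the sample: one analyst doing their job, one user dumping the archive."""
    lines = [
        "2010-03-01T09:02:11 analyst1 READ cable/09BAGHDAD1234",
        "2010-03-01T09:15:40 analyst1 READ cable/09BAGHDAD1240",
        "2010-03-01T10:01:03 analyst1 READ report/sigact-2009-11",
        "2010-03-01T10:05:30 analyst1 WRITE share/weekly-summary.doc",
        "this line is garbage and should be skipped",
    ]
    # The bulk pull: 200 distinct cables in 40 minutes, then a burn to disc.
    for i in range(200):
        ts = (_BASE + timedelta(seconds=12 * i)).isoformat()
        lines.append(f"{ts} pfc_m READ cable/08KABUL{i:04d}")
    lines.append("2010-03-01T09:45:00 pfc_m WRITE removable:/dev/sr0/lady_gaga.zip")
    return "\n".join(lines)


SAMPLE_LOG = _constructed_log()


def parse(log_text):
    """Parse log lines into (timestamp, user, action, resource), oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash on them
        ts, user, action, resource = m.groups()
        events.append((datetime.fromisoformat(ts), user, action, resource))
    return sorted(events)


def bulk_readers(events, window=timedelta(hours=1), threshold=50):
    """Users who read more than `threshold` distinct documents within any `window`.

    Returns {user: peak distinct-document count seen inside one window}.
    The threshold is a placeholder; a real system baselines it per role.
    """
    flagged = {}
    per_user = defaultdict(deque)  # user -> recent (timestamp, resource) pairs
    for ts, user, action, resource in events:
        if action != "READ":
            continue
        recent = per_user[user]
        recent.append((ts, resource))
        while recent and ts - recent[0][0] > window:
            recent.popleft()  # slide the window forward
        distinct = len({r for _, r in recent})
        if distinct > threshold:
            flagged[user] = max(flagged.get(user, 0), distinct)
    return flagged


def removable_writes(events):
    """Every write to removable media, the physical exfiltration channel."""
    return [(ts, user, resource) for ts, user, action, resource in events
            if action == "WRITE" and resource.startswith("removable:")]


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("bulk readers:", bulk_readers(evs))
    for ts, user, resource in removable_writes(evs):
        print(f"removable write: {ts} {user} {resource}")
```

The two checks are deliberately dumb, because the behaviour they catch is dumb: nobody reads 200 cables in 40 minutes as part of normal work, and a write to a burner right afterwards is the thing to page someone about. What they can't do is tell you whether the person was allowed to see those cables, which is the half of the problem the next paragraph is about.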
It won't be the last time.
Stuart P. Bentley is a programmer laying low in Redmond, Wash. He has a website at TestTrack4.com.
If you don't trust Cracked with your password, you can always get our articles in book form.
For more ways we're totally not safe at all, check out 5 Popular Safety Measures That Don't Make You Any Safer and The 5 Most Popular Safety Laws (That Don't Work).