Everything You Know About Password-Stealing Is Wrong
isoloisti writes "An article by some Microsofties in the latest issue of Computing Now magazine claims we have got passwords all wrong. When money is stolen, consumers are reimbursed for stolen funds and it is money mules, not banks or retail customers, who end up with the loss. Stealing passwords is easy, but getting money out is very hard. Passwords are not the bottleneck in cyber-crime and replacing them with something stronger won't reduce losses. The article concludes that banks have no interest in shifting liability to consumers, and that the switch to financially-motivated cyber-crime is good news, not bad. Article is online at computer.org site (hard-to-read multipage format) or as PDF from Microsoft Research."
Not only that, but your reimbursement had to come from somewhere, and it's not the CEO's pocket. It's everyone else's pockets in increased fees.
THIS.
As well as increased insurance costs. The authors of the article are rather dense if they honestly think that the costs of reimbursement are not passed down to consumers.
That's exactly what TFA says. Banks like the fear of lost passwords, because they can use that fear to their (profitable) advantage:
"When perceived risk is greater than actual risk it can be profitable to absorb the risk and charge for it. Rental car companies are not merely willing, but anxious to accept liability for any damage to the car for $35 a day; various companies aggressively market identity theft protection for $12 a month. Banks enjoy a huge information advantage over consumers: they know how much fraud costs them, while consumers merely hear horror stories of cyber-crime losses. Passing liability to consumers...would seem to be wasting a profitable opportunity."
I think what they are getting at is that criminals have access to X passwords and Y mules, where Y is significantly less than X. Let's say they have 10,000 passwords for every mule that they have, and each mule will perform 10 transactions before they are caught out (or catch on, depending). That means you could reduce the number of leaked/grabbed/cracked passwords by 99% and still have the exact same amount of financial crime; and none of those numbers seem all that far outside of the realm of possibility to me.
But that is about overall crime and statistics. You can still lower your risk of being a victim by choosing strong passwords, keeping a clean pc, etc.
I've disputed several inaccuracies on my credit report, and had most of them removed without further fight.
I'm not saying 60 Minutes is full of shit, but ...
60 Minutes is in the business of selling scare stories. A little bit of cherry picking goes a long way.