The business of GMail, Hotmail, et al. passwords
Tom Jackman, in the Washington Post:
"Web Based email password hacking or cracking is one of our all time favourite and unique hobby," write the folks at YourHackerz.com. It's not clear where YourHackerz.com is located, but experts suspect that most of the businesses are based overseas. "We will provide you with the original Passwords. No questions asked whatsoever. Payment only after you are CONVINCED. 100% guarantee of Cracking. Total privacy of your information. No legal hassles."
And, as we have known for a long time:
Experts said there are numerous ways to steal someone's e-mail password, from simply guessing at family names or pet names to high-tech infiltration. The most common way is to send the target a link to a greeting card or something else they might specifically be interested in. When the target opens the link, software is installed on his or her computer that snatches the password the next time it's typed in and sends it to the hacker. Web-based e-mail, such as Google's gmail and Yahoo, can also be attacked through bugs in the Web browser, Eckersley said.
What will have to happen before we adopt strong, two-factor authentication and put an end to these weaknesses once and for all? The problem with passwords is well known, the risks are not negligible, and solutions exist to mitigate them. So when will it happen?