If you didn’t know it already, the internet age has a major achilles heel. It is called identity theft. ID theft boils down to someone taking your credentials, and using them for whatever pleases them, which usually means they abuse it for criminal affairs. Many companies and governments deal with ID theft as if it is the fault of the client, not theirs. This is weird because ID theft is usually carried out without the knowledge or consent of the owner of that ID.
So basically it’s left up to the us consumers/citizens to deal with the burden of proof, the fixing and the aftermath of ID theft. This is a very bad thing because the owner of the ID is often left without many means to prove the theft, but in the meantime he or she has to bear the burden of proving the injustice. Prevention is therefore the best cure. The question is: how?
A couple of ways that I can think of:
- Introduce spelling mistakes in passwords. This is a simple means of bypassing dictionary attacks for the time being. You password would still have to be long enough, but it might up the difficulty for the crackers for the next two years or so.
- Run your own server with a custom auth system, so your mail cannot be hijacked.
- Do not let anyone store your credit card details. Credit card details are used to pay for stuff for the thieves, but also as a means of identification. Contrary to what they say, most companies are really careless with your CC details and will easily share them with ID thieves through social engineering, leaving you out in the cold and with a huge bill to pay.