Hotmail Phishing Attack Shows Dangers Of One-Password Scheme

If there's two things that the discovery of tens of thousands of compromised email accounts showed us is that phishing is unfortunately common and that having one password that gives access to a number of services is nothing short of perilous.

All of the big three big internet companies - Microsoft, Yahoo and Google - have created competing single sign-on services that allow users to log in to many websites using one account.

Microsoft's Windows Live ID (formerly known as Passport) controls your MSN Live Messenger, Hotmail as well as dozens of other Microsoft-based services. Ebay, Monster and others were part of the network but later left the Passport Network.

The company is also looking into becoming an openID provider, promising to its users that they would be able to use their Windows Live ID account to sign in any OpenID website including Plaxo or Twitter for example.

Yahoo has already established a working relationship with Open ID and has already linked its Yahoo ID system to the popular third party open technology standard.

Google goes even further and links your search history, your blogging account (if you have one on blogger), your credit card details (on Google Checkout), your documents, adwords account and fairly soon, your phone numbers.

Furthermore, more often than not, you will be able to access the same account from different computers without the service providers flagging it up to the users. For example, your Gmail account can be left opened on your home computer and your work computer at the same time.

This makes the detection of any potential email hack very difficult, given the fact that criminals are likely to make sure that they cover their tracks in order to avoid being found out.

Our Comments

Using one password for many services is an unfortunate result of the rising number of websites that requests that you sign up with them. To some extent, browsers that save your password automatically is a boon but even this can be a cause of trouble.

Related Links

Change Your Gmail, Yahoo, AOL Passwords Now!

(Businessinsider)

Over 30,000 email accounts compromised in industry-wide phishing scheme

(Techspot)

20,000 Hotmail passwords exposed

(USAToday)

Gmail, AOL and Yahoo email logins posted online in phishing scam

(Guardian)

Thousands of Hotmail passwords leaked online

(Neowin)