Reusing ID and password is dangerous, "inventory" of the account, such as "inventory"
The Independent Administrative Corporation Information Processing Promotion Agency (IPA) calls attention as being dangerous to reuse ID and password, and introduces the 2010 information security slogan contest prize, "I know only the password." is doing.
When using multiple online services, it is easy to use the same ID and password because you can't remember or manage different IDs and passwords.However, if account information leaks in one of them, there is a risk that other services will expand in chain.
This time, the IPA has been warned of over 100 million account leaks from April to May.In particular, in this case, the amount of information leaked is large, so it is likely that the information of users who reused the same ID and password on other sites is high.
| ID・パスワードの使い回しによる危険(IPAのプレスリリースより) |
The IPA is based on the basics of spoofing measures, a) password enhancement, B), and C) Appropriate use of password -explains that no one should be neglected.
A) Assuming that it is to use a password that is hard to be broken, "combines all of the characters that can be used, such as alphabet (uppercase, lowercase letters), numbers, and symbols," "Eight or more characters", "Dictionary".We are seeking to meet the three conditions of "avoiding names (people names, place names)".
B), when writing a password, we recommend that you separate it separately from your ID, and to regularly invent your account.Leaving an old ID will increase the risk of breaking your password over time, so you'll want to release a service that is not used by inventory.
C) states that PCs and passwords are not entered on PCs used by an unspecified number of internet cafes, and services such as one -time passwords (two -factor authentication, two -step authentication) are used.
| なりすまし対策の基本3点(IPAのプレスリリースより) |
In addition, there is a key logger virus that steals IDs and password input when logging in to online services, so even if these three measures are taken, of course, the introduction of virus measures software, OS and application software vulnerability countermeasures.It is essential.
He explained that web browser has the function of storing ID and password, but some viruses steal the saved information.In order to reduce such risks, the IPA recommends that web browsers do not store IDs and passwords.