Just how secure are your passwords? While a simple "12345" may be easy to crack, for motivated hackers, even those who create complicated passwords could be at risk.
Recently, a security company rated the top 100 e-commerce sites on their password requirements, using numbers, upper and lower cases, and special characters. Apple got a perfect score, followed by Microsoft. Target tied for fourth and Best Buy ranked 11th. Yet, the password strength may not even matter since many of the biggest sites have a loophole just about any hacker can exploit.
In the digital age, it's safe to assume someone is always looking over your shoulder, even if it's just while using the Wi-Fi network at the local coffee shop.
Computer security expert Mark Lanterman demonstrated how, with just $100 worth of equipment and the knowledge of a 17-year-old hacker, he could cherrypick passwords from websites maintained by big retailers -- including Apple, eBay, Amazon and Target.
Lanterman discovered the same flaw in the MNsure website, which took the state weeks to acknowledge.
"The bad guys already know about this," he warned.
In fact, the vulnerability was demonstrated at the notorious hacker convention, DEFCON, in Las Vegas. Here's how it works:
1. The crooks set up a Wi-Fi network with a familiar name.
2. When people sign in, the hacker intercepts the password with a modified router that prevents encryption.
3. In the jumble of code, passwords can be found.
"This is a flaw that could easily be fixed," Lanterman said. "We've worked with a number of organizations."
Best Buy and several banks have taken steps to close that loophole. In fact, Lanterman says Best Buy's website is far more secure than Apple, Target or Microsoft. Yet, he says the problem is that many retailers are more concerned about making it easy for shoppers to spend money than they are concerned with making it hard for others to steal information.
"This has nothing to do with convenience," Lanterman said. "This has to do with missing a wide open barn door when you're building your web page."
Anyone wondering how they can protect themselves can do something simple. Just go to the address bar and add an 's' after the http. That will help make a more secure transaction. Additionally, smart phones and tablets don't' seem to be as easy to compromise.