Password Mess with SPPIf you look around, you will find incidences, like cyber attackers breaking into computer systems and extracting data including usernames and passwords from the Internet, have become regular today. In a cybercrime survey by Symantec over 7000 Internet users across 14 countries, it has been discovered that 65 percent of Internet users worldwide have already been victims of cybercrime. The one common flaw that is found in these hacks is the password.

Today, most people have several accounts on the Internet, which are protected by passwords. For instance, one may have an email account on Gmail.com, a banking account on icicibank.com, a travel account on makemytrip.com, and so on. According to research firm Forrester, a typical Internet user maintains an average of 15 passwords on a day-to-day basis. This number is likely to grow more and more with the increasing number of service providers on the web. Research studies demonstrate that an individual can maximum remember 4 to 5 passwords, effectively.

Memorizing different password for different accounts can be a daunting task for users and to avoid this pain, most users tend to use the same password for a number of accounts. This is the point where you need to be cautious because the HTTP basic authentication protocol or even SSL can make this common practice unbelievably dangerous for you. The HTTP basic authentication protocol is disposed to phishing attacks as it asks users to disclose their passwords to the server that they want to login.

Revealing your password to a server that is usually required by the HTTP basic authentication protocol, can be unsafe because of the following reasons:

  • A server may be fraudulent: A hacker may setup a malicious server and attracts individuals to open accounts using their passwords by means of free offerings. Hackers may do so out of their presumption that their users are using the same password for their banking accounts. Once, the hacker gathers the passwords, he/she can misuse it to login on financial servers, like online banking.
  • A server may be compromised:  Some servers may be setup or compromised by hackers. Such servers can be rightly termed as malicious servers, which are setup to collect users’ passwords. Such servers can steal a user’s password and retell it to another server.

A user needs to use a different and unique password to login every server in order to avoid malicious server attacks. Remembering several different and unique passwords for different servers is literally not possible for an individual. And, if you are thinking to write down your all usernames and passwords on a piece of paper that is too not a good idea. So, what’s the way out. Single Password Protocol (SPP) can be the right solution, which eliminates the need to remember and use different passwords for different servers across the Internet.

SPP allows you to securely login multiple servers without actually revealing your password to any server at any point.  SPP has a number of desirable properties: it allows users to authenticate themselves to multiple servers using a single password, it only involves one type of computation, hashing, which requires a tiny amount of processing time, and it is secure against malicious server attacks and even the recent phishing attacks.  So, with a little precaution and the right solution, the danger of cyberattacks can be easily dispensed.