…Teach a man to be phished, and he’ll be hungry for a lifetime
You’re in the scene: you’ve got the Facebook, MySpace, LinkedIn and Twitter accounts active and updated. You juggle to remember which friend requests have been added where, and then you suddenly decide to sign up for another social media site such as Yelp, Plaxo, Ning, FriendFeed, Orkut, or iLike. What a pain to add all those friends all over again! Then you see an advertisement for a wonderful service provided by the company: all you have to do is provide your email username and password, and all your friends will be automatically added to your social network. Sounds great, right?
Wrong. This leaves the door wide open for numerous types of fraud. Most people do not take the security precaution of creating different user names and passwords for the sites they visit, so they may be handing over their address books along with their financial and email accounts. You must also consider that a large database of user names and passwords is VERY attractive to potential hackers and identity thieves, and is much more likely to be targeted than individual accounts.
As reported on TechRadar, Twitter’s API lead Alex Payne said “We’ve always advised users to only give their passwords to websites they feel they can trust. Any website runs the risk of compromise, so giving out your credentials is always a gamble. There’s little risk in using a desktop Twitter client, but we’ve cautioned users against handing out their passwords to web-based services that are higher-value targets to attackers.”
Even if you trust the service not to delve into your personal information, you are providing a third party website with security information, a habit that identity theft and security professionals have been trying to break for years. The more commonplace it becomes to hand your security information from one site to another, the easier it will be to convince users to continue the practice. As Jeremy Keith, technical director of user experience consultancy Clearleft, points out, “…it teaches people how to be phished.”
There is always a security trade-off for convenience. Before you click on that free download, try the new service, or ask a computer to remember your password, ask yourself: Is this worth it? Is the increased risk of attack and theft worth the convenience I am trading it for? Remember to use different usernames and passwords for your accounts, so that any single compromise does not result in total loss of your personal and financial information. Never provide account information on a third party site, and be cautious of any requests for password or account information by email, website or phone.

