Password phishing tools and techniques seem to have evolved a great deal over recent years, but have the online services that they protect managed to keep up? Last week more than 30,000 usernames, passwords and email addresses from Hotmail, Yahoo, AOL, Gmail and several other web services were phished and posted online. This prompted a lot of questions in the press about just how secure passwords are.

Recently I was content thinking that changing my password regularly would keep me head-and-neck above phishing scams, but not any more. Personal details are stolen, email accounts are hacked and used for things that we would never dream of doing. It has become an epidemic; password phishing has never been done on this scale before.

You may think phishing for personal details including passwords has been going on secretly for ages, so what is so important about this particular incident? The truth is that unlike previous scams, the phishing was executed with the use of mass phishing tools and techniques. It’s not as if some poor sod working in admin spent 40 hours a day collecting all of those passwords, far from it, the tools phishing mongers use to obtain account details have evolved and are now easily available and accessible online for any would-be scammer to use. All you need is a simple online application and you can decrypt passwords in seconds. You can watch videos of tools like this in action just by looking on Youtube.

So the question I’d like to ask online service providers is: Are passwords still the most effective way to keep personal information safe and private?

Both Google and Microsoft still think complex passwords can protect our data, but how long will it be before passwords become completely useless?