Tuesday, August 16, 2011

Online Persona

As some of you may know, I've been having some online security issues lately. Both my e-mail accounts are sending spam and we've had an uninvited visitor on our network, sending messages to, and at one point partially controlling, my brother's laptop.

After discovering I was sending out spam from my MSN address, I started rethinking my options. The most obvious was, of course, changing my passwords. I also sent a mail asking for other counter-measures and more concrete information (such as where the mails were sent from) to Hotmail's abuse team. (They responded by simply deactivating my account, forcing me to verify myself and change my password... again.) None of this proved effective though, as the next day the same thing happened, now also from my Gmail account. I log in from a Mac exclusively, so, while unlikely, I decided to do a virus/malware scan on it. Nothing showed up. Then the thought of abandoning my current accounts and making a new one crossed my mind and I realized something: that would be a humongous pain in the ass. Not only would I need to notify my friends and colleagues of my new address, I'd also have to update it for every service or account that has that e-mail registered, including games, social media, fora, newsletters, official organizations and more... As Mercedes from Glee would say: Aaw, hell to the no!

This got me thinking as to how, even though each service requires its own form of authentication, a person's e-mail address is like the master key card in a hotel; it can open all the doors. Go to a site, click "forgot your password" and you get a mail with either the password itself or a link to reset it, no questions asked.
And I'm not even mentioning the kind of stunts one could pull with another's e-mail address. Sure, generally these scams are even more transparent than a new layer in Photoshop is, but it can definitely be done right. One could almost compare this to identity theft.

So how come something so important is still so (relatively) easy to compromise? And even if there were no viruses, malware or what-have-you, all it takes to reset the password is the secret question (usually a choice of ±7) and accompanying answer, which many people probably answer truthfully. As the internet becomes part of our everyday lives more and more, I think we'll have to find some new and better ways of identifying ourselves online. In fact, I wouldn't be surprised if iris scans or fingerprinting were standard procedure for logging in several years from now. Though as I'm writing this, I realize even those can be manipulated. So I wonder, will we ever find a way to authenticate ourselves without chances of impersonation, or is this just a utopian idea, built on hope and nothing more? Only time will tell.
