Since the advent of the Internet, our daily lives have been moving online at a rapid pace. We have become very comfortable, and even somewhat carefree, in conducting our most sensitive and private activities – banking, bill paying, email, chat, etc. – on the web.
And how do we protect ourselves from strangers’ prying eyes? A password, of course. We pin our hopes on a 6-12 character combination, assuming that it will help keep others out of our business.
Unfortunately, that is no longer the case. A slew of hackings and security breaches in 2011 helped highlight the fact that the password has become outdated and can no longer be relied upon to protect us online. Our fast-changing, web-driven world now requires a better solution.
Part of the problem is the sheer number of passwords that an average online denizen is expected to remember. It seems like almost every site we visit requires us to sign up with a log-in name and a password. As a result, our natural inclination is to use the same password everywhere to help simplify our lives.
Results from a survey published last year in the New York Times highlighted online privacy issues that were troubling to say the least. The article reported that two out of the five most commonly used passwords were “12345” and “password.” And “password1” appeared in the top list as well, seemingly because many sites attempt to protect users by requiring a number in passwords.
If we are not forced to create strong, varied passwords, it is human nature that we just will not. The technology blog Gizmodo recently published a worrying report that serves as evidence of this tendency. Gizmodo matched a list of their users against a recently released list of hacked Sony users’ passwords. They found that two-thirds of those who used both services had the exact same password. That may not sound too alarming, but chances are that these folks use the same password to access their Facebook, Gmail, or banking accounts as well.
That list of Sony users’ passwords was released by the hacker group LulzSec, which recently went on a widely publicized, 50-day rampage of cyber terrorism. They called it “50 days of Lulz”, which draws from the Internet abbreviation for laughing out loud (LOL). In addition to Sony, this unidentified group of computer criminals released major lists of secure data from the CIA and the U.S. Senate as well.
While it is claimed that LulzSec’s motivation is not to profit from their criminal acts but rather to have fun by spreading mayhem, some in the security industry have given the group credit for helping expose holes in large corporations’ online security systems. No matter how you slice it, their brazen activity of hacking into these companies’ computer systems is illegal. However, it is unfortunately an example of a new and growing trend called “hacktivism.” Along with other groups like Anonymous, hacktivists commit illegal acts online not just for fun but also for political reasons.
In a public message issued to defend its Sony break-in, the folks at LulzSec stressed that they are not “master hackers” and are simply exposing the vulnerabilities plaguing the Japanese company’s computer security systems. “Why do you put such faith in a company that allows itself to become open to these simple attacks?” they asked.
The answer to their rhetorical question is that we shouldn’t. But the unfortunate reality is that we do because we incorrectly assume that these large corporations behind the brands that we admire and trust will ensure the protection of our sensitive personal data. Groups like LulzSec help remind us that the time has come for us to no longer take our online security for granted, and that we must take steps to ensure that our Internet activities and personal data are safe and secure.
In part 2 of this post, we will examine recent industry developments aimed at solving the problem of online identity theft and share steps that you can take to protect yourself from cyber criminals.



