Will Tech Industry Ever Fix Passwords?

16.07.2012

"The modus operandi has been similar -- a targeted email containing malware infiltrates a PC and hides its tracks using a rootkit. Later it contacts its command server and downloads a keylogger/screen scraper module, which performs the intended objective: stealing user credentials resulting in the theft of vital data," says George Waller, executive vice president at security firm .

To make matters worse, in this age of cloud computing, SaaS and increased mobility, users are spreading their credentials everywhere. Passwords are inherently weak. Dictionary attacks are standard and rainbow tables can be used to crack more sophisticated passwords.
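The sentence above is the whole defensive argument in one line: a dictionary attack or a rainbow table only works against a password store where the same password always produces the same stored value. The example below, added here and not part of the original article, contrasts an unsalted SHA-256 store with a per-user-salted, iterated PBKDF2 store and includes a simple audit check that flags the unsalted case: if two users who chose the same password end up with identical stored hashes, the store has no per-user salt and a precomputed table applies to every account at once. The user records are constructed for the demonstration; the field layout of the stored string and the 600,000-iteration count are this example's own choices, not a standard the article cites.

```python
import hashlib
import hmac
import os
from typing import Callable, Dict, Optional

# Constructed sample accounts. Two users picked the same password, which is
# exactly the situation a rainbow table exploits on an unsalted store.
USERS = [
    ("alice", "Summer2012!"),
    ("bob", "Summer2012!"),
    ("carol", "correct horse battery staple"),
]


def unsalted_sha256(password: str) -> str:
    """The weak scheme: one fast, unsalted digest per password.

    Identical passwords yield identical digests for every user and every
    site, so a table of digests precomputed once answers all of them.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def pbkdf2_store(password: str, salt: Optional[bytes] = None,
                 iterations: int = 600_000) -> str:
    """The mitigated scheme: random per-user salt plus key stretching.

    The salt makes every stored value unique even for repeated passwords,
    so no precomputed table applies; the iteration count makes each guess
    in a dictionary attack correspondingly more expensive.
    Stored format (this example's own): pbkdf2_sha256$iters$salt_hex$dk_hex
    """
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def build_store(hasher: Callable[[str], str]) -> Dict[str, str]:
    """Hash every sample account with the given scheme."""
    return {user: hasher(pw) for user, pw in USERS}


def duplicate_hash_count(store: Dict[str, str]) -> int:
    """Audit check: how many stored values are repeats of another user's.

    A salted store returns 0 regardless of password reuse. Any positive
    count means the same password maps to the same stored value, i.e. a
    single precomputed table would crack every account sharing it.
    """
    values = list(store.values())
    return len(values) - len(set(values))


if __name__ == "__main__":
    weak = build_store(unsalted_sha256)
    strong = build_store(pbkdf2_store)
    print("duplicate hashes, unsalted SHA-256:", duplicate_hash_count(weak))
    print("duplicate hashes, salted PBKDF2:   ", duplicate_hash_count(strong))
    print("verify correct password:", pbkdf2_verify("Summer2012!", strong["alice"]))
    print("verify wrong password:  ", pbkdf2_verify("summer2012!", strong["alice"]))
```

Running the audit on the unsalted store reports one duplicate (alice and bob collide), while the PBKDF2 store reports none even though they chose the same password; verification still succeeds only for the right password. Salting and stretching do not make a weak password strong, which is the article's larger point, but they do confine a dictionary attack to one account at a time and raise its per-guess cost.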

"The concept of having users deploy their passwords to every cloud site is nuts," says Garret Grajek, CTO of . "It would be a mistake, however, to conclude that this makes the cloud inherently insecure."

The standard method for authenticating users to cloud services is hardly revolutionary: user names and passwords. We're left with two choices: either improve on what we have, or replace it with something better. There is no real consensus, however, on which path to take.

For instance, when users are told to strengthen their login credentials by crafting strong passwords that are essentially gibberish with random capital letters, numbers and special characters, no one remembers them. Thus, everyone reuses their complex passwords, writes them down, or creates a "passwords" file, which is the first thing hackers look for when they access your device.