Back in the 1990s, The New Yorker ran what may be my all-time favorite cartoon, which depicted a dog sitting at a computer keyboard and explaining, "On the Internet, no one knows you're a dog."
Cartoonist Peter Steiner was making a comment about Internet anonymity, but the same joke would also work with the topic of online identity theft and cyber-fraud. The Internet user who logs onto your bank's website and transfers your life savings to a bank account in Moldova could conceivably be a canine with nimble paws. (In a sense, that would be oddly appropriate, since that Eastern European country was named after Molda, the pet dog of Moldova's founder, a 14th-century Romanian noble named Dragos.) We blithely assume that passwords and encrypted e-commerce and financial sites can protect us, but those safeguards are easily overcome once an unwary user encounters an Internet grafter skilled at phishing, in which a mark is tricked into revealing a password or other data, or is guided to a dummy version of a trusted website that then steals his info. It's not just mindlessly prurient dopes who can't resist clicking on supposed links to those nude photos of [insert generic starlet here] who get taken. As this Wired story details, Oak Ridge National Laboratory was forced to disconnect its Internet access in April after hackers used a fake human resources department page to steal passwords from employees and then attempted to siphon data from servers.
One big problem, I think, is our continued reliance upon passwords, an identity verification technique that dates back at least to the Roman military. As the second century B.C. historian Polybius wrote:
The way in which they secure the passing round of the watchword for the night is as follows: from the tenth maniple of each class of infantry and cavalry, the maniple which is encamped at the lower end of the street, a man is chosen who is relieved from guard duty, and he attends every day at sunset at the tent of the tribune, and receiving from him the watchword — that is a wooden tablet with the word inscribed on it — takes his leave, and on returning to his quarters passes on the watchword and tablet before witnesses to the commander of the next maniple, who in turn passes it to the one next him. All do the same until it reaches the first maniples, those encamped near the tents of the tribunes. These latter are obliged to deliver the tablet to the tribunes before dark. So that if all those issued are returned, the tribune knows that the watchword has been given to all the maniples, and has passed through all on its way back to him. If any one of them is missing, he makes inquiry at once, as he knows by the marks from what quarter the tablet has not returned, and whoever is responsible for the stoppage meets with the punishment he merits.
The system that computer programmers and system administrators started using back in the early 1960s isn't really much of an advance upon the Romans' wooden tablets — except that it's even less secure, because few computer users are as disciplined as Roman legionnaires. Moreover, according to PasswordResearch.com, a compendium of studies on online authentication, a third of computer users share their passwords with others, and 70 percent of people do not use a unique password for each website, so once a hacker scores, he can gain access to everything. And a hacker doesn't even have to rely upon phishing to get in. According to this PC World survey from the mid-2000s, a third of users never change their passwords, and a quarter rely upon the name of a person or a pet.
Using a more sophisticated password protocol — never giving your password to anyone else or even writing it down, utilizing meaningless strings of numbers and letters, and changing passwords frequently — improves security, but even that protection can be illusory, thanks to advances in anti-encryption software that can be used to ferret out even randomly generated passwords. From the Georgia Tech Research Institute, here's a 2010 article on how next-generation password-cracking software may harness a common, easily available tool: PC graphics processing chips and their awesome two-teraflop speeds. Pretty soon, any password shorter than 12 characters — that is, almost all of them — may be vulnerable to cracking within a few minutes.
That's why I'm thinking that we need a whole new paradigm for verification technology. Instead of just relying upon a single type of verification, why not set up a system that would scrutinize computer users from multiple angles, using a variety of biometric- and behavioral-based tools? Think of it as the online version of the super-intensive, multi-level screening used by Israeli anti-terrorism agents at the Tel Aviv airport.
One part would be insisting that everybody add certain peripherals to their computers, such as the newly developed EyeLock retinal scanner, plus a webcam and a microphone, which a lot of people already have.
When you logged on to, say, your online banking site, that site's intelligent security system would do a facial recognition scan and match up your retinal scan. Next, the system would ask you a short series of conversational questions, which you would be expected to answer within a prespecified rapid time interval. The system would compare your voice and speech patterns to a database of samples from prior logons. Once you got through that gate, the system would continue surreptitiously scrutinizing you, tracking both your pattern of transactions and your physical mannerisms as you sit and type, and it would compare those to what it had observed on your previous visits.
If the system noticed enough discrepancies and suspected that you were an imposter, it would stop you and start asking more seemingly innocuous, conversational questions, perhaps based upon answers that you'd given in previous sessions. It might try to trip you up, by asking about your sister's wedding last summer. Or it might ask you questions designed to elicit an expected emotional response that would be consistent with your beliefs. For example, if the system knows that you're a Miami Heat fan, it might ask you why LeBron James gets away with too many traveling violations and offensive fouls, or whether he showed himself to be disloyal by leaving the Cleveland Cavaliers. Or it might ask you a question about your neighborhood, such as what sort of car your neighbor has parked in his driveway.
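To make the multi-angle scheme described above concrete, here is an added example (written for this page, not code from any real bank or vendor) of a risk-based login decision engine. It combines several signals of the kind the post mentions: biometric match scores from face, iris and voice, how quickly the conversational question was answered, inter-keystroke timing compared against the user's own history, and whether the requested transaction is far outside the user's prior amounts. Each signal that disagrees with the stored profile counts as a discrepancy; a couple of discrepancies trigger the step-up questioning the post proposes, while many trigger an outright denial. All thresholds, the profile data and the three sample sessions are constructed for illustration and are not tuned values.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed thresholds for illustration only; a real deployment would tune
# these against measured false-accept and false-reject rates.
MATCH_FLOOR = 0.80        # biometric similarity below this counts as a discrepancy
TYPING_Z_LIMIT = 3.0      # keystroke timing more than 3 sigma from the user's norm
AMOUNT_MULTIPLIER = 5.0   # transaction larger than 5x the user's biggest prior amount


@dataclass
class UserProfile:
    """What the site remembers about a user from previous visits."""
    typing_mean_ms: float          # mean inter-keystroke interval seen historically
    typing_std_ms: float           # its standard deviation
    prior_amounts: list            # amounts of earlier transactions
    max_answer_latency_s: float    # how long this user normally takes to answer a prompt


@dataclass
class Session:
    """Signals observed during one login attempt."""
    face_match: float              # 0..1 similarity reported by face recognition
    iris_match: float              # 0..1 similarity reported by the iris/retina scanner
    voice_match: float             # 0..1 similarity of voice and speech pattern
    answer_latency_s: float        # seconds taken to answer the conversational question
    keystroke_intervals_ms: list   # inter-keystroke intervals measured while typing
    transaction_amount: float      # amount the user is trying to move


def build_profile(history_intervals_ms, prior_amounts, max_answer_latency_s=4.0):
    """Derive a profile from keystroke timings and amounts seen in earlier sessions."""
    return UserProfile(
        typing_mean_ms=mean(history_intervals_ms),
        typing_std_ms=pstdev(history_intervals_ms),
        prior_amounts=list(prior_amounts),
        max_answer_latency_s=max_answer_latency_s,
    )


def discrepancies(profile, session):
    """List every signal in this session that disagrees with the stored profile."""
    flags = []
    for name, score in (("face", session.face_match),
                        ("iris", session.iris_match),
                        ("voice", session.voice_match)):
        if score < MATCH_FLOOR:
            flags.append(f"{name} match {score:.2f} below {MATCH_FLOOR}")
    if session.answer_latency_s > profile.max_answer_latency_s:
        flags.append(f"answered in {session.answer_latency_s}s, "
                     f"slower than usual {profile.max_answer_latency_s}s")
    if profile.typing_std_ms > 0 and session.keystroke_intervals_ms:
        z = abs(mean(session.keystroke_intervals_ms) - profile.typing_mean_ms) / profile.typing_std_ms
        if z > TYPING_Z_LIMIT:
            flags.append(f"typing cadence {z:.1f} sigma from the user's norm")
    if profile.prior_amounts and session.transaction_amount > AMOUNT_MULTIPLIER * max(profile.prior_amounts):
        flags.append(f"amount {session.transaction_amount} far above prior maximum "
                     f"{max(profile.prior_amounts)}")
    return flags


def decide(profile, session, step_up_at=2, deny_at=4):
    """Return ('allow' | 'step_up' | 'deny', reasons).

    'step_up' is the point at which the post's engine would start asking
    further conversational questions drawn from earlier sessions.
    """
    flags = discrepancies(profile, session)
    if len(flags) >= deny_at:
        return "deny", flags
    if len(flags) >= step_up_at:
        return "step_up", flags
    return "allow", flags


# Constructed sample data: a history of eight keystroke intervals and four prior amounts.
PROFILE = build_profile([180, 200, 190, 210, 195, 205, 185, 215], [120, 80, 300, 45])

# Looks like the genuine user on every signal.
NORMAL_SESSION = Session(0.95, 0.97, 0.90, 2.1, [190, 205, 200, 195], 150)
# Biometrics pass, but the voice, answer speed and typing rhythm are off.
SUSPICIOUS_SESSION = Session(0.95, 0.97, 0.60, 7.5, [90, 100, 95, 105], 150)
# Nothing matches and the transfer is huge.
IMPOSTOR_SESSION = Session(0.40, 0.30, 0.50, 9.0, [90, 100, 95, 105], 9000)

if __name__ == "__main__":
    for label, s in (("normal", NORMAL_SESSION), ("suspicious", SUSPICIOUS_SESSION),
                     ("impostor", IMPOSTOR_SESSION)):
        verdict, reasons = decide(PROFILE, s)
        print(f"{label}: {verdict}")
        for r in reasons:
            print("   -", r)
```

Running the script prints `allow` for the normal session, `step_up` for the suspicious one (three discrepancies: voice, answer latency and typing cadence) and `deny` for the impostor session. The design point is that no single signal is trusted on its own: the suspicious session passes both face and iris checks, which is exactly the case where the behavioral signals earn their keep.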
It's conceivable, of course, that a truly determined identity thief or hacker could immerse himself in your personal data and impersonate you effectively. But it would be vastly more difficult and time-consuming, and nobody would have the time to do that with hundreds of thousands of credit card customers. As a result, hacking would become a much less efficient way to steal, and criminals would have an incentive to move on to easier, safer ways to line their pockets.
Of course, ratcheting up security to this extreme level would have some serious downsides. It would become much more time-consuming and even stressful to do online transactions, and it undoubtedly would slow the pace of online commerce and finance, so everyone from eBay vendors to banks would make less money. Moreover, deploying this many different technologies and designing a platform to incorporate and coordinate them all would be a daunting task. Plus, the enormous volume of data required might seriously strain our available bandwidth, leaving us with less to use for other important activities, such as watching episodes of the original Star Trek series on Hulu.