Is using multiple passes for wiping a disk really necessary?

It's paranoia.

The fastest way to "delete" things on a hard drive is simply to remove the references to that region of the hard drive, so the data remains there if you use a dedicated tool to recover it, the kind the police would have for example.

A much slower way to "delete" things is to write over every bit of information with a 1 or a 0, or random bits, so that even if you use aforementioned tool, all you would see is the result of this operation.

Theoretically, you can recover residual data (which is why tools have the option of using multiple passes) because the data is all stored magnetically.

If you have a clean disk, and write a 1 to it, then overwrite that 1 with a zero, the new "zero" will be slightly less "zero" than if you wrote a zero to that space on a clean disk, and even less than if you wrote a "zero" over a "zero".

I won't go too far into materials science.

It does depend why you're wiping your drive.

If you're trying to destroy the drive and never use it again, physically bend it. This is all you have to do; no existing tool, or tool in development, can read a bent drive.

Alternatively, heating up magnets completely resets their magnetism, as does passing a strong magnet over them.

If you're looking into data security on a long-term basis, it is possible to buy hard drives that encrypt all data stored on them. If you change the core encryption key, then all the data is completely unrecoverable; it takes a fraction of a second to do, and is more secure than repeatedly overwriting data with more data.

If you're just looking to hide your porn stash, or you are reselling your computer, a single pass of 1's will be more than enough. The actual process of rewriting every bit on a modern hard drive (which will easily have over a TB of space) will take hours and hours.

The cost of recovering data from a zero'd out computer, to a forensics team, is well into the thousands of dollars and requires the skills of specialist computer scientists.

The necessity of extreme measures during deletion depends on the value of the information.

For your pron stash that you don't want Mom to find: Delete the file, overwrite all free space with zeros (sdelete will do the job). To my knowledge, no one has EVER demonstrated the ability to recover data from a normal hard disk after an over-write of any kind. The theoretical possibility is there, but no one's shown it can be done. Even if it can, it's going to be monstrously expensive and slow, and probably can't recover all desired data.

If it's worth millions of dollars, or if people are going to die if the info is revealed, take the drive apart and sand-blast the magnetic media off of the disk surface (don't forget proper air filtering - some of that stuff might be nasty). Congratulations - the data can't be recovered. If you happen to have access to a foundry that does aluminum, you could always toss the platters into the next batch (the platters are often aluminum with magnetic oxide coatings). By melting the platters, you again free up the magnetic particles and let them float around. As a bonus, aluminum is usually melted in electric arc furnaces, which will surely play hob with the magnetic fields even before they slag the platters down.

Agree with the above answer, it is mostly paranoia. If you are a home user, then a single pass low level format will do the trick. There are many theories about how effective multiple wipes are (some even go as far as recommending 35 wipes!!) but generally a one pass wipe is good enough. Destroying the disk by bending it, breaking the disk plates (using a hammer) or drilling holes through it is a good way to safeguard your personal data but it depends on whether you want to use the disk again. Also, if you are disposing of your old machine by resale, without a disk you may realise up to a 40% reduction in value (depending on the machine).

Due to Privacy laws these days, organisations are paranoid about having their information leak into the open, since they can face litigation and fines. That is contributing to the sensitivity around disk wiping standards.

Unless you are an organisation which has to protect confidential client information, IP or other proprietary information, and a potential target of hackers who may want to steal or misuse such data, then you really don't need to consider very high levels of data security.
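
Added example, not part of any answer above: a single overwrite pass followed by a read-back check, which is the step that confirms the pass actually covered every byte. It runs against a small constructed image file standing in for a raw device; the marker string, file name and function names are assumptions made for the illustration.

```python
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB at a time, so a large image is never held in memory

def overwrite_pass(path, fill=b"\x00"):
    """One pass: overwrite every byte of `path` in place with `fill`, then sync."""
    remaining = size = os.path.getsize(path)
    with open(path, "r+b") as f:
        while remaining:
            n = min(CHUNK, remaining)
            f.write(fill * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # push the writes out of the OS cache
    return size

def first_surviving_offset(path, fill=b"\x00"):
    """Read-back check: offset of the first byte that is not `fill`, else None."""
    offset = 0
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            rest = chunk.lstrip(fill)  # drop the leading run of fill bytes
            if rest:
                return offset + len(chunk) - len(rest)
            offset += len(chunk)
    return None

def find_marker(path, marker):
    """Raw scan for known content, ignoring any file system (small images only)."""
    with open(path, "rb") as f:
        return f.read().find(marker)

def demo():
    marker = b"CONSTRUCTED-SECRET-0001"  # constructed sample data
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")  # hypothetical stand-in for a device
        with open(img, "wb") as f:
            f.write(b"\xaa" * 4096 + marker + b"\xaa" * 4096)
        before = find_marker(img, marker)  # data is still findable by a raw scan
        overwrite_pass(img)
        after = find_marker(img, marker)   # -1 once the pass has covered it
        return before, after, first_surviving_offset(img)

if __name__ == "__main__":
    print(demo())
```
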