Sunday, May 24, 2009

Working Everyday to Make Passwords Totally Insecure

When it comes to password security policies, stricter isn't always better. IT departments and administrators need to find that level of password zen where passwords are long enough, complex enough, and changed often enough to be secure, but no more. If any of these levels is out of whack, users will simply write their passwords down on a post-it note or in a planner and leave them for anyone to find. It is my guess that in 4 out of 5 organizations you can walk into any office and, in less than 5 minutes, find all of the users' login and password information.

Some companies use a password policy like the following:

1. Must be 12 characters long or more
2. Must contain at least 1 capital letter
3. Must contain at least 1 number
4. Must contain at least 1 special character
5. Cannot be a dictionary word
6. Password expires every 30 days

This policy equals disaster and security failure. Yet I know of numerous organizations out there that are using it. Here is a far more realistic, and therefore more secure, password policy.

1. Must be 6 characters long or more
2. Must contain at least 1 capital letter
3. Must contain at least 1 number
4. Must contain at least 1 special character
5. Cannot be a dictionary word
6. Password expires every 60 days

Two very minor changes, and I guarantee users are far less likely to write these passwords down. Bottom line: put some thought into your password policy before you put it in place, be consistent across your applications and websites, and use single sign-on technologies whenever possible. Encourage users not to write passwords down and teach them how to choose good passwords.
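As an added example (not the author's code), here is a Python checker that implements the six rules above for both policies side by side. The dictionary check strips the usual trailing digits and symbols before the lookup, so that "Summer2009!" is still recognised as a dictionary word, and the expiry check uses each policy's rotation period. It also reports the raw size of the keyspace for a minimum-length password under each policy, which is what a brute-force attacker would face if users picked uniformly at random. The wordlist and the sample passwords are constructed for the example; a real deployment would load a full dictionary plus leaked-password lists.

```python
import math
import string
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed stand-in for a real wordlist (assumption: a production checker
# would load something like /usr/share/dict/words plus leaked-password lists).
SAMPLE_DICTIONARY = frozenset(
    w.lower() for w in ["password", "welcome", "summer", "dragon", "monkey", "letmein"]
)

SPECIALS = string.punctuation


@dataclass(frozen=True)
class PasswordPolicy:
    name: str
    min_length: int
    require_upper: bool = True
    require_digit: bool = True
    require_special: bool = True
    forbid_dictionary: bool = True
    max_age_days: int = 60
    dictionary: frozenset = field(default=SAMPLE_DICTIONARY)

    def violations(self, password: str) -> list:
        """Return every rule the password breaks; an empty list means it passes."""
        problems = []
        if len(password) < self.min_length:
            problems.append(f"shorter than {self.min_length} characters")
        if self.require_upper and not any(c.isupper() for c in password):
            problems.append("no capital letter")
        if self.require_digit and not any(c.isdigit() for c in password):
            problems.append("no number")
        if self.require_special and not any(c in SPECIALS for c in password):
            problems.append("no special character")
        if self.forbid_dictionary and self._is_dictionary_word(password):
            problems.append("based on a dictionary word")
        return problems

    def _is_dictionary_word(self, password: str) -> bool:
        # Strip digits and symbols from both ends ("Summer2009!" -> "Summer")
        # so a dictionary word with decorations bolted on is still caught.
        core = password.strip(SPECIALS + string.digits).lower()
        return core in self.dictionary

    def is_expired(self, last_changed: date, today: date) -> bool:
        """True once the password is older than the policy's rotation period."""
        return today - last_changed > timedelta(days=self.max_age_days)

    def min_keyspace_bits(self) -> float:
        """log2 of the number of minimum-length strings over letters, digits
        and punctuation (94 symbols). This bounds what brute force must search
        for random passwords; it says nothing about what users actually pick."""
        alphabet = len(string.ascii_letters) + len(string.digits) + len(SPECIALS)
        return self.min_length * math.log2(alphabet)


# The two policies from the post.
STRICT = PasswordPolicy("strict", min_length=12, max_age_days=30)
REALISTIC = PasswordPolicy("realistic", min_length=6, max_age_days=60)


def evaluate(password: str) -> dict:
    """Map each policy name to the list of rules the password violates."""
    return {p.name: p.violations(password) for p in (STRICT, REALISTIC)}


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["Summer2009!", "Tr0ub4dor&3x", "xQ7!pz"]:
        print(pw, evaluate(pw))
    for p in (STRICT, REALISTIC):
        print(f"{p.name}: {p.min_keyspace_bits():.1f} bits for a minimum-length password")
    # Changed 20 April, checked 24 May: past the 30-day limit, within the 60-day one.
    print(STRICT.is_expired(date(2009, 4, 20), date(2009, 5, 24)),
          REALISTIC.is_expired(date(2009, 4, 20), date(2009, 5, 24)))
```

The dictionary rule is the one most often implemented badly: a plain `password in dictionary` test lets "Summer2009!" through, which is exactly the kind of password users produce when a policy forces a capital, a digit and a symbol onto a word they can remember.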

Posted by: Joshua Nicholes
www.joshnicholes.com


Friday, May 15, 2009

Recession = reduced Cyber Security

As the economy worsens, so will our cyber security. With the economic downturn, financial desperation increases in the populace. What does this mean for IT security? I predict a rise in hoaxes, scams, and identity thefts designed to separate you from your money. Not only are the criminals desperate, but their victims are desperate too, so I predict more people will fall for these types of scams.

Organizations and individuals alike are spending less on security software and services, and IT staffs are being reduced. This means less monitoring and protection on the Internet as a whole. So what can an average home user do to protect themselves in tough times?

1. Keep antivirus and security software up-to-date. Here are a couple of free ones that will help.
Avast http://www.avast.com/
MS Defender http://www.microsoft.com/windows/products/winfamily/defender/default.mspx

2. Use Firefox (also free), and clear your private data after every use. It is by far a safer browser.

3. Don't visit sites you're not sure about; better safe than sorry.

4. Do your online shopping at sites you trust; don't be tempted by a bargain.

5. Never give out personal info (SSN, birth date, bank info, etc.); this applies both online and off.

6. Don't allow your browser to save your passwords or automatically log you in.

7. Keep all your software up-to-date, not just your antivirus (operating systems, office apps, browsers, Adobe software, etc.).

8. Lock down your home Wi-Fi network: use WPA2 encryption with a strong passphrase. WEP is broken and can be cracked in minutes, so it is not a real lock.

9. Don't leave your laptops, phones, PDAs, or thumb drives lying around; you'd be surprised how much information someone can get from them.

Posted by: Joshua Nicholes
www.joshnicholes.com