
Security 01/29/2013

Posted by TBoehm30 in Uncategorized.

I have a spreadsheet with over 150 passwords on it. I have to change my work passwords every 45, 60, and 90 days depending on the system. I ask myself ‘is this more secure?’

I’m no security expert, and sometimes the rules really bug me. Why do I need to change my password? Why should I have different passwords? What is the risk if I don’t follow the rules? I wanted to vent a little, so I started this article. Then I did my research to better understand the issue. Here is what I learned:

The security experts tell us to change our passwords often. The best reasons I have seen have to do with holding off attackers long enough for the password to have changed. If an attacker gets ahold of a password file, whether from a backup tape, the trash, or by breaking in, they could use it to log on to any account whose password hasn’t changed.

The nice thing about those password files is that they are encrypted, or hashed, so that hackers don’t actually put in your real password; they use the hashed version from the file. If you simply change one letter, or add a number, then the hash is different and can’t be hacked. The problem is that a hacker could break the encryption and actually figure out your password pattern. Then they could easily guess your next password, giving them access to your account.
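The two points above, as an added example that is not part of the original post: a one-character change gives an unrelated hash, yet the new password is still a predictable variation of the old one, which a password-change form can detect and reject. The function names, the `max_edits` threshold and the sample passwords are constructed for illustration, and the check assumes the form receives both the old and the new password.

```python
import hashlib
import re

def sha256_hex(password: str) -> str:
    # Unsalted SHA-256, used here only to show how the digest changes.
    # Real password stores use a salted, slow hash (bcrypt, scrypt, Argon2).
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def differing_hex_chars(a: str, b: str) -> int:
    # Number of positions at which two equal-length hex digests differ.
    return sum(1 for x, y in zip(a, b) if x != y)

def edit_distance(a: str, b: str) -> int:
    # Levenshtein distance: minimum single-character inserts, deletes
    # or substitutions needed to turn a into b.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(password: str) -> str:
    # Lower-case the password and drop the trailing digits and punctuation
    # that people usually bump at rotation time ("Winter2012!" -> "winter").
    return re.sub(r"[^a-z]+$", "", password.lower())

def is_predictable_rotation(old: str, new: str, max_edits: int = 2) -> bool:
    # Hypothetical policy check: reject a new password that keeps the old
    # base word or is only a couple of edits away from the old password.
    base = skeleton(old)
    if base and base == skeleton(new):
        return True
    return edit_distance(old.lower(), new.lower()) <= max_edits

if __name__ == "__main__":
    old, new = "Winter2012!", "Winter2013!"  # constructed sample passwords
    h_old, h_new = sha256_hex(old), sha256_hex(new)
    print("hex characters that differ:", differing_hex_chars(h_old, h_new), "of 64")
    print("edit distance between passwords:", edit_distance(old, new))
    print("predictable rotation:", is_predictable_rotation(old, new))
```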

What are the odds that you or I would be singled out for attack? Hopefully, those odds are not very high, but how much risk are you willing to take? If your whole company system gets stolen, copied, shut down, or broken, how much blame do you want to take? It’s probably better to just suffer by changing your password.

Why can’t all my passwords be the same? The problem is that hackers can get passwords from the least secure system. Even worse, the people who run all of those other systems have access to your unencrypted password. Joe, at buycoolstuffhere.com, created the site simply to steal people’s passwords along with a good username. He then uses those credentials at every financial website until something works. Then he has full access to your money.

Why do I have to answer security questions? The security questions are usually there in case you forget your password. The answers are usually pretty simple to find on the internet and are the most risky for casual users. People in the public eye are constantly having their email spilled to the public by people who figured out what street they lived on when they were growing up. Some advice from the internet is to have answers that are not really answers, but hints to your password. What was the name of your first pet? “My favorite song lyric”

Bad passwords and PINs: American Express has an authentication PIN that has to be 4 digits. When I tried to give them numbers I could remember, they told me it had to be a date. Why would they decrease the security possibilities from 10,000 down to 365?

I can see my payroll info online if I remember an 8-digit PIN. The problem is that I am running out of unique numbers that I can actually remember. For me to remember an 8-digit number, it must be a full date or part of a phone number; I don’t have any other long numbers that are burned into my brain well enough to not forget.

Internal security is just as important as external security. Most companies won’t get hacked by strangers in a way that will cause them any material harm. It is the employees who pose the most danger. If your employees have access to everything, what’s to stop them from downloading the customer list and selling it to the competition? It is important to divide up all data, and only give access where it is needed for people’s jobs. Look at SOX requirements even if they are not necessary; they make sure that users don’t have too much access to the system. That may be why you are limited on your own system, and sometimes can’t even get data you actually need.

So, until a better security system is built, I’ve got over 150 passwords to remember. My spreadsheet doesn’t actually have the real password listed, just a hint to it. The file itself is password protected; heaven help me if I forget that one.

Do you have a good security story? Leave it in the comments below. Do you know that it’s a global world and Technology makes it happen?


Comments»

1. Security « ERP.BlogNotions - Thoughts from Industry Experts - 02/04/2013

[…] Tagged: Read Original Post […]

2. business continuity plan - 05/07/2013

Hello my family member! I wish to say that this post is awesome, great written and come with almost all vital infos.

I would like to look more posts like this.

3. cdcinternacional.cat - 05/13/2013

Way cool! Some extremely valid points! I appreciate you penning this write-up plus the rest of the website is extremely good.

4. http://forum.iacez.com/profile.php?id=9600 - 12/19/2013

We stumbled over here coming from a different page and thought I might as well check things out. I like what I see so now I am following you. Look forward to finding out about your web page repeatedly.

5. air duct cleaning video - 03/31/2014

Please let me know if you’re looking for an article author for your blog. You have some really good articles and I think I would be a good asset. If you ever want to take some of the load off, I’d absolutely love to write some material for your blog in exchange for a link back to mine. Please shoot me an e-mail if interested. Kudos!

