

Computer Security: 20 Things Every Employee Should Know


Written by Ben Rothke; Published by McGraw-Hill/Osborne Media
10.31.2003




This excerpt is from the chapter "Choose Your Passwords Wisely" of Computer Security: 20 Things Every Employee Should Know, written by Ben Rothke and published by McGraw-Hill/Osborne Media.

Choose your passwords wisely

Alice is returning from maternity leave as the human resources manager at Duke Industries, leaving her new daughter Winifred at home. With her account being reactivated, Alice now must choose all new passwords.

Alice is so excited about recently becoming a mom she uses her newborn daughter's name as her password to the HR employee database. Unbeknown to Alice, a disgruntled employee, Natalie, has been trying to find out her manager's salary. Natalie downloaded John the Ripper, an easy-to-use password-cracking program she found on the Internet. Within minutes, the program checks every word in the English language dictionary, as Winifred's account is successfully attacked and its password gleaned, giving Natalie access to all the HR information under Alice's user account.

The above scenario is real and happens far too often. The problem is that people are now required to remember passwords for myriad systems: corporate systems, online banking, voice mail systems, alarm codes, network passwords, system passwords and many more.

As a security professional, I can tell you that most people simply can't choose an effective password. The challenge is choosing between one that's easy to remember (and ineffective) and one that's effective but difficult to remember.

Since it is so tough to remember all these passwords, people commonly adopt shortcuts, like writing their passwords on Post-it® notes and sticking them to their monitor or under their mouse pad. Using Post-it® notes is almost as bad as not having passwords at all.

In the example above, Alice makes a poor choice of passwords for two reasons: Winifred is a common word in most dictionaries, and the password Winifred can be easily guessed by anyone who knows that Alice is a new mother.
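
The two weaknesses named above, expressed as a check a password-change form could run before accepting a new password. This is an added example, not taken from the book; the sample wordlist, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample data: a tiny stand-in for a full dictionary wordlist.
SAMPLE_WORDLIST = {"password", "winifred", "welcome", "dragon", "summer"}

# Common character substitutions, undone before comparing (assumed table).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(candidate):
    """Lower-case, drop leading/trailing digits and symbols, undo substitutions."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", candidate.lower())
    return core.translate(SUBSTITUTIONS)


def weakness_reasons(candidate, wordlist, personal_terms):
    """Return which of the two weaknesses described above apply to a candidate.

    personal_terms: facts about the user that colleagues could know
    (own name, family names, employer). Only these two checks are made;
    an empty result does not by itself mean the password is strong.
    """
    reasons = []
    core = normalize(candidate)

    # Reason 1: the password is (a decorated form of) a dictionary word.
    if core in wordlist:
        reasons.append("dictionary word")

    # Reason 2: the password contains something guessable about the user.
    tokens = {normalize(tok)
              for term in personal_terms
              for tok in re.split(r"\W+", term) if len(tok) >= 3}
    if any(tok and tok in core for tok in tokens):
        reasons.append("guessable from personal context")

    return reasons


# Constructed profile for the scenario above.
ALICE_CONTEXT = ["Alice", "Winifred", "Duke Industries"]

if __name__ == "__main__":
    for pw in ("Winifred", "W1n1fr3d2003", "alice!HR", "mQ7#vLp2xRz9"):
        print(pw, "->", weakness_reasons(pw, SAMPLE_WORDLIST, ALICE_CONTEXT))
```

Adding digits or swapping letters for look-alike symbols does not help: the normalization step reduces those variants back to the same name before the comparison is made.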

The responsibility for catching tools like password-cracking software on the network is not the user's, but the user must be aware that such tools exist.
