Computer Security: 20 Things Every Employee Should Know

Written by Ben Rothke; Published by McGraw-Hill/Osborne Media

This excerpt is from the chapter "Choose Your Passwords Wisely" of Computer Security: 20 Things Every Employee Should Know, written by Ben Rothke and published by McGraw-Hill/Osborne Media.

Choose your passwords wisely

Alice is returning from maternity leave as the human resources manager at Duke Industries, leaving her new daughter Winifred at home. With her account being reactivated, Alice now must choose all new passwords.

Alice is so excited about recently becoming a mom that she uses her newborn daughter's name as her password to the HR employee database. Unbeknown to Alice, a disgruntled employee, Natalie, has been trying to find out her manager's salary. Natalie downloaded John the Ripper, an easy-to-use password-cracking program she found on the Internet. Within minutes, the program checks every word in the English language dictionary, and Alice's account is successfully attacked and its password gleaned, giving Natalie access to all the HR information under Alice's user account.

The above scenario is real and happens far too often. The problem is that people are now required to remember passwords for myriad systems: corporate systems, online banking, voice mail systems, alarm codes, network passwords, system passwords and many more.

As a security professional, I can tell you that most people simply can't choose an effective password. The challenge is choosing between a password that's easy to remember (and ineffective) and one that's effective but difficult to remember.

Since it is so tough to remember all these passwords, people commonly adopt shortcuts, like writing their passwords on Post-it® notes and sticking them to their monitor or under their mouse pad. Using Post-it® notes is almost as bad as not having passwords at all.

In the example above, Alice makes a poor choice of passwords for two reasons: Winifred is a common word in most dictionaries, and the password Winifred can be easily guessed by anyone who knows that Alice is a new mother.
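The two weaknesses named above can be checked when a password is chosen. The following is an added example, not code from the book: a minimal screening function that also catches decorated variants such as W1n1fr3d2003!, with a wordlist and personal-context terms that are constructed stand-ins.

```python
import re

# Constructed sample data (assumptions, not from the book): a tiny stand-in for a
# real dictionary/name wordlist, and terms anyone who knows the user could guess.
SAMPLE_WORDLIST = {"winifred", "password", "welcome", "dragon", "sunshine"}
ALICE_CONTEXT = {"alice", "winifred", "duke"}

# Character substitutions that cracking tools reverse as a matter of course.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def candidate_roots(password):
    """Return the base words a guesser would effectively be testing."""
    lowered = password.lower()
    # Drop leading/trailing digits and symbols: "winifred2003!" -> "winifred".
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    roots = {lowered, stripped,
             lowered.translate(LEET), stripped.translate(LEET)}
    roots.discard("")
    return roots


def screen_password(password, wordlist, personal_terms):
    """Return the reasons a password should be rejected (empty list = passes)."""
    reasons = []
    roots = candidate_roots(password)
    # Weakness 1: the password reduces to a word found in a dictionary.
    if roots & set(wordlist):
        reasons.append("dictionary word")
    # Weakness 2: the password contains something known about the user.
    if any(term in root for term in personal_terms for root in roots):
        reasons.append("personal information")
    return reasons


if __name__ == "__main__":
    for pw in ("Winifred", "W1n1fr3d2003!", "DukeHR2003", "tq8#Vn2!zeLm"):
        print(pw, screen_password(pw, SAMPLE_WORDLIST, ALICE_CONTEXT))
```

Passing this screen only means a password avoids these two weaknesses; it says nothing about length or reuse.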

The responsibility for catching tools like password-cracking software on the network is not the user's, but the user must be aware that such tools exist.

This was first published in October 2003