
Computer Security: 20 Things Every Employee Should Know

Written by Ben Rothke; Published by McGraw-Hill/Osborne Media

This excerpt is from the chapter "Choose Your Passwords Wisely" of Computer Security: 20 Things Every Employee Should Know, written by Ben Rothke and published by McGraw-Hill/Osborne Media.

Choose your passwords wisely

Alice is returning from maternity leave as the human resources manager at Duke Industries, leaving her new daughter Winifred at home. With her account being reactivated, Alice now must choose all new passwords.

Alice is so excited about recently becoming a mom that she uses her newborn daughter's name as her password to the HR employee database. Unbeknown to Alice, a disgruntled employee, Natalie, has been trying to find out her manager's salary. Natalie downloaded John the Ripper, an easy-to-use password-cracking program she found on the Internet. Within minutes, the program checks every word in the English language dictionary, as Winifred's account is successfully attacked and its password gleaned, giving Natalie access to all the HR information under Alice's user account.

The above scenario is real and happens far too often. The problem is that people are now required to remember passwords for myriad systems: corporate systems, online banking, voice mail systems, alarm codes, network passwords, system passwords and many more.

As a security professional, I can tell you that most people simply can't choose an effective password. It is a trade-off between choosing one that's easy to remember (and ineffective) and one that's effective but difficult to remember.

Since it is so tough to remember all these passwords, people commonly adopt shortcuts, like writing their passwords on Post-it® notes and sticking them to their monitor or under their mouse pad. Using Post-it® notes is almost as bad as not having passwords at all.

In the example above, Alice makes a poor choice of passwords for two reasons: Winifred is a common word in most dictionaries, and the password Winifred can be easily guessed by anyone who knows that Alice is a new mother.
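The two weaknesses named above can be checked when a password is chosen. The following is an added example, not from the book: the function names, the substitution table and the tiny constructed wordlist are assumptions, and a real deployment would load a full dictionary or breached-password list.

```python
import re

# Constructed sample data: a stand-in for a full dictionary / name list.
SAMPLE_WORDLIST = {"winifred", "password", "welcome", "summer", "dragon"}

# Common character substitutions, undone before the lookup (assumed mapping).
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def normalize(candidate):
    """Reduce a candidate to the base word a cracking dictionary would hold."""
    s = candidate.lower()
    # Drop digits and punctuation padded onto either end ("Winifred2003!").
    s = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", s)
    return s.translate(SUBSTITUTIONS)


def screen_password(candidate, wordlist, personal_terms):
    """Return the reasons a candidate should be rejected (empty list = none found)."""
    reasons = []
    base = normalize(candidate)

    # Reason 1: the base word appears in a dictionary an attacker would try.
    if base in wordlist:
        reasons.append("dictionary word")

    # Reason 2: the password contains something known about the user
    # (own name, family names, employer). Very short tokens are ignored.
    tokens = {normalize(tok) for term in personal_terms for tok in term.split()}
    if any(len(tok) >= 3 and tok in base for tok in tokens):
        reasons.append("personal information")

    return reasons


if __name__ == "__main__":
    # Personal terms taken from the scenario in the text.
    alice = ["Alice", "Winifred", "Duke Industries"]
    for pw in ["Winifred", "W1nifred2003!", "teal-Harbor-93-quilt"]:
        print(pw, "->", screen_password(pw, SAMPLE_WORDLIST, alice) or "no match")
```

Adding digits or swapping characters does not rescue the password: `W1nifred2003!` is rejected for the same two reasons as `Winifred`.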

The responsibility for catching tools like password-cracking software on the network is not the user's, but the user must be aware that such tools exist.


This was first published in October 2003
