Xtra News Community 2
Suffering password fatigue?

Lovelee
« on: January 30, 2009, 02:41:30 pm »

This is an interesting article looking at lost passwords, good ways to find ideal safe passwords and the involvement of the new bots that Daz has brought up, and, more importantly, cos of the bots - not using the same or similar passwords at work as you do at home.

There is a common strain of amnesia floating around the desks of those sun-kissed and briefly stress-free workers fresh from summer holidays.

Frequently this affliction causes normal, intelligent employees to lose all grasp of their faculties when confronted with a password prompt screen on the first day back at work. They simply cannot remember their passwords and they have to call a helpdesk to reset them.

While the average business user juggles at least six passwords, according to security studies, this number may be amplified to more than 20 when taking into account the increasing use of social networking sites and daily online usage of web-based utilities and entertainment such as banking, gambling, news sites, private email, Facebook, LinkedIn and MySpace.

That's without remembering personal identification numbers, or PINs, for bank cards, credit cards, telephone accounts and other household utilities or service companies that demand proof of identity when dealing with them over the phone or electronically.

It's not surprising that the instances of password resetting are 10 per cent higher in the first three weeks of January than any other time of the year. According to Prodigy Communications, which services more than 500 corporate clients, password amnesia and mismanagement eat into productivity.

Prodigy IT managing director Craig Brady says that while password management is problematic, it is the responsibility of the individual and the company to be vigilant about managing security and access to online areas.

The proliferation of passwords is becoming a headache for users, network administrators and online providers alike. The menace of identification fraud, hacking and phishing means that ubiquitous usage of a familiar password is akin to posting your credit card number on a Facebook profile.

The insidious-sounding Conficker virus has been worming its way through simplistic password configurations since November, infecting more than 9 million PCs in the US, Europe and Asia via USB sticks.

The adaptable virus exploits network passwords and spreads throughout corporate networks easily by hacking into simple passwords and then locking network users out of their accounts.

As such, the demand for more sophisticated password protection systems is becoming pervasive.

Mr Brady suggests that all companies invest time in educating staff on the importance of password security and management.

It is usually larger corporations that install a complex password system, such as a login system that requires employees to change passwords regularly and uses unique alphanumeric combinations, but Mr Brady recommends that this should be enforced no matter what the size of the company, ASX-listed blue chip or single-computer home office.

"Using a complex password system is an easy way to maintain good security practices," he says.

However, he concedes that some people will always rely on their techies to help them.

"The advent of the on-call IT helpdesk has made users lazy in retaining password information. Not very long ago a company would have to be on a wait list for the techy guy to come out to the premises and reset passwords," he says.

While the habitual and creatively challenged nature of humans insists that "123456" or "password" remain in the top five of password usage, the danger of security breaches is demanding that users become aware of their importance.

One security professional, Stephen Gillies, suggests using "muscle memory" to create a sound but recallable password. "A pattern on the keyboard can jog your memory, TgbyhN0011 is an easy to remember pattern on a standard keyboard, for example," he says.

Mr Gillies, who is a member of the System Administrators Guild of Australia, also warns that saving passwords to mobile phones as a backup can also backfire.

"With the number of places your contacts are synchronised these days, your phone synchronises with your computer, your computer perhaps with your work account, even GPS units can synchronise phone books. There are too many places this data may end up to rely on this method of storage any more," he says.

He also stresses the importance of wiping the data off all old equipment and avoiding using the "remember my password on this machine" feature because of the threat of a stranger using a computer while a desk is unattended.

Mr Brady recommends off-the-shelf software management systems such as Password Keeper to help employees manage their password information securely. These applications require only one password to enter and are heavily encrypted.

The topic of social networking draws the ire of most IT administrators, who all concur that applications such as Facebook cause the most potential and actual security threats to companies and their staff.

"Block it," Mr Brady says, but he adds that introducing a policy of only lunchtime, pre and post-work allocated times is also effective in curbing its usage.

But again education is key: "Never use the same password on corporate accounts that you would on Twitter, Facebook or Gmail, as you raise the risks of hacking considerably.

"Content filtering software is struggling to keep up with social network sites, and as a consequence they are a hacker's delight."

Tips for keeping access secure

- Never use the same password twice. If you must reuse PINs and passwords, group them into logical categories which have a similar level of security. You may use a similar password for your Gmail and Yahoo IM accounts, but the PIN for your credit card should be different to any other PIN you have. For passwords with a low level of security, like website registration logins where there's no risk of your identity being compromised, use something easy to remember.

- Mix it up. A strong password has upper and lower case characters with at least one number.

- Give it rhythm. For a random-looking password use the first letters of two phrases you will remember, like Mhall3bf (Mary had a little lamb 3 bags full).

- A pattern on the keyboard can jog your memory. System administrators call it muscle memory. TgbyhN0011 is an easy-to-remember pattern on a standard keyboard, for example (but don't use qwerty as your password).

- Familiarity breeds hacking. Never use your birth date, car registration, children's names or employee number. These are all easy to guess and are common.

- Keep it fresh. Change your password at the same time you pay your credit card statement or mobile phone bill.

- For your eyes only. Never, ever give your password to anyone else. If you have trouble accessing a work system talk to your IT help desk. If you suspect your password is compromised, change it immediately.

Some hints from the IT desk

- Never change a password on a Friday, especially in the afternoon.

- Think of two good short words and stick some numbers/specials in the middle.

- Don't be afraid to admit that you have forgotten your password.

- If your password is going to expire while you are away, then let it expire.

- Never give out data about yourself in a public forum which can compromise you. Your full date of birth, your mother's name, your place of birth and your phone number should ideally never be available in one place.

- Never respond to requests for personal information from people you don't know. Never click on links in email unless you have very strong anti-virus filters.

- Never follow links in email to any banking or other important website - always enter your website URL yourself in the browser or select it from a bookmark.
http://www.stuff.co.nz/4833702a28.html
Laughter is the best medicine, unless you've got a really nasty case of syphilis, in which case penicillin is your best bet.
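
The tips in the article above, turned into a password screening check that a system could run when a user picks a new password. This is an added example, not part of the original post or article; the function names, the tiny common-password list and the 0.6 keyboard-pattern threshold are assumptions made for illustration.

```python
import re

# Constructed sample list: the article names "123456" and "password" as
# top-five choices and warns against "qwerty". A real list is far larger.
COMMON = {"123456", "password", "qwerty"}

# QWERTY rows as a simple grid (assumption: ignores the physical key stagger).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def adjacent(a, b):
    """True if two keys are the same key or direct neighbours on the grid."""
    if a not in POS or b not in POS:
        return False
    (r1, c1), (r2, c2) = POS[a], POS[b]
    return abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1


def walk_ratio(password):
    """Fraction of consecutive character pairs that are keyboard neighbours."""
    p = password.lower()
    if len(p) < 2:
        return 0.0
    hits = sum(adjacent(a, b) for a, b in zip(p, p[1:]))
    return hits / (len(p) - 1)


def check(password, other_passwords=()):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if password.lower() in COMMON:
        findings.append("common")
    has_mix = all(re.search(p, password) for p in (r"[a-z]", r"[A-Z]", r"\d"))
    if not has_mix:
        findings.append("needs upper, lower and digit")
    if password in other_passwords:  # "never use the same password twice"
        findings.append("reused")
    if walk_ratio(password) >= 0.6:  # hypothetical threshold
        findings.append("keyboard pattern")
    return findings


if __name__ == "__main__":
    for sample in ("123456", "qwerty", "Mhall3bf", "TgbyhN0011"):
        print(sample, check(sample))
```

Run on the article's own samples, the phrase-based Mhall3bf passes every check, while TgbyhN0011 meets the mixed-case rule but is flagged by the adjacency test, since six of its nine consecutive key pairs are neighbouring or repeated keys.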
