Passwords - Common Attacks and Possible Solutions
by Dancho Danchev - Monday, 15 November 2004.
- Guessed

A large number of users sidestep the established password policy by creating a password that is believed to be strong but is in fact weak or based on common sense. Although this method is rarely used nowadays compared to the ones we've already discussed above, keep in mind that certain users still choose passwords based on objects or brands around their desk.
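The following added example (not part of the original article) shows how a policy check can catch passwords that satisfy complexity rules yet are built on a desk object or brand. The word list, substitution table and function names are assumptions made for illustration.

```python
import re

# Constructed sample list: brands and objects a user might see around a desk.
CONTEXT_WORDS = {"logitech", "samsung", "monitor", "keyboard", "stapler", "nescafe"}

# Substitutions users apply to satisfy complexity rules ("1" is ambiguous: i or l).
_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t",
         "@": "a", "$": "s", "!": "i"}
LEET_TABLES = [str.maketrans({**_BASE, "1": c}) for c in ("i", "l")]


def meets_complexity(password, min_len=8):
    """Typical policy: minimum length plus upper, lower, digit and symbol."""
    classes = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return len(password) >= min_len and all(
        re.search(c, password) for c in classes)


def context_match(password, words=CONTEXT_WORDS):
    """Return the blocklisted word the password is built on, or None."""
    lowered = password.lower()
    # Compare the raw form and each de-substituted form against the list.
    variants = {lowered} | {lowered.translate(t) for t in LEET_TABLES}
    for word in sorted(words):
        if any(word in variant for variant in variants):
            return word
    return None


def evaluate(password):
    """Apply the complexity policy first, then the context-word check."""
    if not meets_complexity(password):
        return "reject: fails complexity rules"
    word = context_match(password)
    if word:
        return "reject: built on desk word '%s'" % word
    return "accept"


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ("L0g1tech!2004", "$tapl3r#Desk9", "keyboard", "vR7#qLm2!xTz"):
        print(candidate, "->", evaluate(candidate))
```

The first two samples pass the complexity rules and are still rejected, which is the gap the paragraph above describes.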

The most common password maintenance mistakes

- Auto fill feature

The majority of applications will offer to remember your passwords and account data, but unless you're sure that the computer is reasonably protected from possible physical security breaches, you're strongly advised not to have your passwords remembered in this way. Make sure this option is not used in public access places such as net cafés.


- "Post it" notes

Passwords are often written down and, even worse, posted next to the monitor or around the desk. Such notes can easily be observed by malicious attackers or insiders, so avoid this practice.

- "The secret place"

A lot of people believe they have found a secret place under the keyboard or elsewhere around the desk. This is unacceptable: if they are observed for long enough, they will reveal their supposedly secret place, and a moment of distraction is then enough for their account data to leak out.

Even so, a large number of people keep certain account data on paper, PDAs, etc. A possible strategy, until they have memorized the data and can get rid of the note they carry with them all the time, is the following: write at least 6/7 different, fake passwords around the real one; you might even cross out a couple of them, including the actual one. This is beneficial because, hopefully, two/three false logins will lock the account, so if your note gets exposed it is still a matter of luck for the attacker to use the right one. Although this method provides no guarantees and is not recommended at all, it is a very short-term way to memorize your password and get rid of your note right away!

How to choose a secure password

Copyright 1998-2013 by Help Net Security.