List Categories | List All Articles | List Articles By Title
Passwords and the Human Factor
Passwords have a strange dual nature. The stronger and safer the password the more likely it will be undermined by human weakness.
It is widely known that passwords are the most common means of access control. It is also common knowledge that passwords are the easiest way to compromise a system. Passwords have two basic functions. First, they allow initial entry to a system. Next, after access, they grant permission to various levels of information. This access can range from public data to restricted trade secrets and pending patents.
The best passwords are a lengthy and complex mix of upper and lower case letters, numbers and symbols. The tendency for people when using these formats is to write them down, store them on a hand held device, etc. thus destroying the integrity of the password.
The integrity of passwords can be circumvented through "Human Engineering." People can unwittingly make grave errors of judgment in situations that they may view as harmless or even helpful. For example, a password is shared with a forgetful employee and a system can be compromised. In more ominous cases, a con artist or hacker can phone a na´ve employee and present themselves as senior executives or help desk personnel and obtain that persons password. People have also been duped by callers claiming emergencies, cajoling or even threatening the employees job if a password is not provided.
These human lapses can be addressed through employee training and written policies that provide solid guidance and procedures in these circumstances. Training in information security, including password protocols, should be mandatory for every employee of the enterprise. Management support of this training and the security policy is critical to its success. To be effective, training should be repetitive with quarterly reviews of the company policy. There can also be frequent reminders, such as banners, about password security that appear during logons.
Management must not only support security measures, they must also provide a written and enforced policy statement. These written policies should be developed with assistance from the I.T. department as well as the human resource and legal departments. Written policies should be a part of the employee's introduction to the company and should be reviewed at least twice a year. It is also critical that the employee sign off on the document indicating that they received, read, and understood its contents. Firms that ignore these practices do so at their own risk.
Enforcement is an important partner to training. A policy that is not enforced is far worse than no policy at all. In fact, haphazard enforcement or lack of enforcement can increase a company's liability in many legal actions. To work, a policy must have "teeth". There should be a range of consequences for lapses whether it is a single event or multiple or flagrant incidents. This can range from a verbal warning all the way to termination.
In summary, passwords can be kept more secure by recognizing the human factor. Through management initiative, communication and training, as well as written and enforced policies and procedures, companies can have more control over their information assets and keep their clients and partners much safer.
About The Author
Terrence F. Doheny
President, Beyond If Solutions,LLC
Nephrology and Dialysis For a PDA
Saving Lives With A Pocket PCFree medical downloads can be a real lifesaver for many people. For those dealing with diseases, using their pda to help monitor their health is one of the best and most useful benefits of the new pocket pc technology.
Is Digital Camera Technology Making Film Obsolete?
Perhaps not yet, but the handwriting might be on the wall?How is a digital camera different from a film camera? What are pixels and why are they important? What's the difference between optical and digital zoom? What advantages do digital cameras have compared to film cameras? Let's address these and other questions as we discuss digital camera technology.First a short history and overview of digital imaging?The technology began with television in the early 1950's when researchers discovered how to convert video images to electrical signals for storage on magnetic tape.
GOT VIRUS? Your Data is NOT lost forever!In the wake of so many computer viruses running wild, "Hope is not lost"!With the recent release of such viruses as: mydoom; netsky; mofei, lovegate and many more destructive viruses, there is an affordable solution to recover your lost files from your hard drive.Selecting a Data Recovery Service Company can be a challenging and confusing undertaking to say the least.
Virtual Memory - What is It?
I recently got an e-mail asking about virtual memory. The person who sent me the question was getting an error on random occasions from their Windows operating system stating "Your computer is low on virtual memory".
Taking Advantage of the iPod Experience
Music lovers have been carrying around radios and other bulky music devices in order to take their tunes along with them as they go from place to place. With the iPod - a portable unit that's manufactured by Apple - the music experience offers a higher quality in a much more compact size.
Mail-merging: The Principles
About mail-mergingMail-merging is the process of merging variable data and fixed text.Using mail-merging, you can create individualised letters, envelopes, labels and other documents without having to laboriously create each individual one.
Can Movie Theatres Compete with Home HD TV in the Future?
The battle is heating up for market share, home movie theatre, X-Box, Playstations and virtual reality take on the big screen and theme parks. You might be surprised to learn that the war is just beginning.
What Has A Portable MP3 Player Have To Do With Your Business
Plenty! When we made the decision to be our own bosses, we gave up the luxury of having our employers sending us to us seminars, workshops or conferences that help improve our skills and gain knowledge related to our work. All this became our initiative.
An All Too Familar Pain
Lost & Found for the 21st CenturyIn today's hectic world more and more people are turning to those handy gadgets and mobile products that can be taken with them anywhere they go. The more things consumers own, the more they're prone to lose them.
Windows PDA Medical Software Benefits
PDA Medical BenefitsIf you are concerned about your medical history, the Internet has some great windows medical pda software that is available for free. Freeware is all the rage, and finding good quality freeware that is medically related is easy and fun.
Looking For an MP3 Player?
If you don't have an mp3 player, and even if you do, you should check out all the new stuff that's going on. I'm hoping this article will give you some idea of what kind of mp3 player you want and some tips on what to look for in an mp3 player.
404 Error Pages: What Are They And How Do You Create One?
We've all seen them, you've been browsing a website and you click a link and nothing loads apart from the words '404 Error' along with the usual stuff.So what is a 404 Error page? The 404 Error page, basically informs the user that the server cannot find the file they are looking for.
Computer Consulting 101 PC Troubleshooting Advice
While most small businesses really do need to find a good local computer consulting business to take care of their computer problems, there are some computer problems that are simple enough for even a technophobe to handle. At Computer Consulting 101, we've found there's one very simple piece of advice that often doesn't get communicated to non-technical small business end users: When in doubt, reboot first.
Desktop Security Software Risks - Part 2
This is the third in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions.Reason #2: the Desktop Security Software RisksThe risks of placing software on the desktop are such that I will be breaking this article into two parts.
What Are You Looking For In A Cheap MP3 Player?
Are you stymied by the vast offerings in cheap mp3 players? Don't know which features best suit your needs? Here are some suggestions based upon product reviews by mp3 player owners.The first thing you must consider is how you plan to use your mp3 player.
Font Organizers Review, Part I
Do you know how many fonts are currently installed on your PC? What is the difference between OpenType, TrueType, PostScript Type 1 and Printer fonts? If the answer is 'No', it's time to consider getting a font organizer.TypografThis extremely well-done 32-bit app lets you preview, print, and manage TrueType and Type 1 fonts.
Quick System Restore with ASR Backups
ASR (Automated System Recovery) is a feature available on the Windows XP Pro and Windows Server 2003 operating systems for quick and efficient system backup and restore.Typically, the restore process involves reinstalling the operating system and configuring all physical storage to their original settings before restoring data and settings.
Choosing a Portable MP3 Player: Part 1
MP3 players are everywhere! It seems that the number of makes and models in this market is growing daily, with features and capabilities intended to appeal to just about anyone shopping for one of these devices.MP3 players have been around much longer than the Apple iPod , but there is no arguing that this one device opened the market to a much larger customer base.
How to Place Home Theater Speakers
You have your television and home theater receiver; you just bought your new speakers and subwoofer and are ready to test things out. It's time to break out the measuring tape because precision is vital to achieving the full potential of your home theater system.
Use Your Computer For Your Entertainment Needs
By using your computer today you can find a lot of different music and movie programs. From downloading music and movies directly from the internet to buying subscriptions, joining clubs, and even renting, all from the comfort of your home.
home | site map
All articles are copyright to their owners.
Note: this website lists articles, We do not Write Articles !