Tuesday, January 24, 2012

Hey Mr Gullible, Stop Sharing Your Password!


In our never-ending attempt to keep our offline businesses and online websites free of inside and outside attacks, we must never lose sight of the benefits associated with effective passwords.

Sure, antivirus software protects computers before they go online, and once online, SSL certificates serve their purpose. Security scanning and verification services not only keep hackers away, but also let online shoppers know that sites are safe by displaying trust seals. However, effective passwords will protect most areas that online hackers and office troublemakers want to infiltrate.

Much of the "hacking" that is going on in the business world today is from people who work in the same office! The all-too-common statement: "Hey buddy, I need that file, what's your password?" is penetrating the once-protected personal and professional documents of the gullible and trusting.

The Payment Card Industry (PCI) requires that website owners assign a unique ID to each person with computer access, then requests that they set a private password. As with any computer action, knowing who is accountable is critical when it comes to handling credit card transactions. And how can you know who is responsible if you're sharing passwords?

The act of sharing passwords has gotten more people in more legal and financial problems than any other business issue. If an important file or folder is taken, using your password, how will you show that you didn't take it? If something is done wrong by someone else, like compromising a document, or transferring accounts comprised of financial or monetary data, and it is done with your password, it is extremely difficult to prove that you were not involved.

Keep your password safe. Whether it is locked up in a physical or online safe, in a personal binder that never leaves you, or in your head, you should keep your password in an environment where others won't be able to locate it.

In addition to making an individualized password and keeping it private, you should make it at least seven characters long. Shorter passwords are easy for passersby to steal. It should contain upper and lower case letters, numerals, and special characters. The more you mix up the password's numbers, letters, and special characters, the better. One of the numbers or special characters should be in the second through sixth position (not first or last).

Change your password often - no matter how safe you think it is, and make it significantly different from prior passwords. I had a boss once who told me that he had the same password every month, but only changed the last numbers of it to reflect which month it was. I think "tootrusting11" was the password he used for November! I do not recommend using his system.

Do not use a common name or a common word as a password, and refrain from using your own name or user name. Spouse, children, and pet names are also ineffective. Thousands of documents have been stolen or compromised by passwords like "password", "business", and "Ultimate Frisbee". Wrongdoers have guessed passwords including the company's name or industry - and surprisingly, their guess was right.
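The construction rules in the three paragraphs above can be enforced when a password is set or changed. The checker below is an added example, not code from the article; the function name `check_password`, the sample blocklist and the 0.7 similarity threshold are assumptions.

```python
import difflib
import string

# Constructed sample blocklist seeded with the three passwords the article names;
# a real deployment would load a much larger list (assumption).
COMMON_WORDS = {"password", "business", "ultimatefrisbee"}
SPECIALS = set(string.punctuation)


def check_password(candidate, username="", company="", previous=(), max_similarity=0.7):
    """Return the list of rules the candidate breaks; an empty list means it passes."""
    problems = []
    if len(candidate) < 7:
        problems.append("shorter than seven characters")
    required = [
        ("an upper case letter", str.isupper),
        ("a lower case letter", str.islower),
        ("a numeral", str.isdigit),
        ("a special character", SPECIALS.__contains__),
    ]
    for label, test in required:
        if not any(test(ch) for ch in candidate):
            problems.append("missing " + label)
    # Positions two through six, counted from 1, are string indexes 1..5.
    if not any(ch.isdigit() or ch in SPECIALS for ch in candidate[1:6]):
        problems.append("no numeral or special character in positions 2-6")
    lowered = candidate.lower()
    # Strip everything but letters so "Ultimate Frisbee" and "Password1!" still match.
    letters = "".join(ch for ch in lowered if ch.isalpha())
    if letters in COMMON_WORDS:
        problems.append("common word or name")
    if any(name and name.lower() in lowered for name in (username, company)):
        problems.append("contains user name or company name")
    # Old passwords are only available as typed at change time (stored hashes
    # cannot be compared this way). The 0.7 threshold is an assumption.
    for old in previous:
        if difflib.SequenceMatcher(None, lowered, old.lower()).ratio() > max_similarity:
            problems.append("too similar to a previous password")
            break
    return problems


if __name__ == "__main__":
    # The boss's scheme from the article: November's password moved on to December.
    print(check_password("tootrusting12", previous=["tootrusting11"]))
    print(check_password("Ultimate Frisbee"))
```

The similarity check is what catches the month-suffix scheme: a change from "tootrusting11" to "tootrusting12" shares twelve of thirteen characters and is rejected even before the other rules are considered.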

In short, along with keeping your website's SSL active and performing PCI scans, you should create unique passwords, change them often, and keep them private. Don't be Mr. Gullible.




Author: Aaron Brandley is an independent website specialist. To view more information on website security and overall online shopping safety, visit http://www.pci-compliance.us. To purchase PCI Compliant website security scanning, go to http://www.go.Trust-Guard.com




