A few months back we had a client’s network compromised by a former employee, stealing information for a competitor.  This network had a high end firewall, an encrypted wireless network, and security measures in place to prevent something like this from happening, yet it still happened. 

It happened because people don’t like to remember a lot of passwords.  I can’t say I blame them, I think we’re all guilty of using the same password all over the place sometimes for years.  Unbeknownst to me, everyone in this company new the boss’ password.  It’s the same password he used on everything, which forced him to let others know what it was so they could do things like configure the security system, login to web sites, setup the phones, etc.  This ex-employee used that password to login to their system after he was released, and downloaded critical data he used to better his position where he was working for a competitor.

I showed him how to change his password after this employee was let go, which he did.  However, putting a “1” at the end of the existing password in my mind doesn’t constitute a password change. 

I can’t stress enough the importance of complex passwords.  Sometimes we will setup a new server for a client who has never had passwords before, and they complain like crazy that I’m forcing them to have a password to sign in, especially complex ones.  To them I say, “wah.”  A complex password must include 3 out of 4 character types: uppercase, lowercase, numbers or symbols.  If you are using a password that doesn’t meet these requirements, I suggest you change it.  Hackers can perform what are called dictionary attacks, where a program will automatically try every word in the dictionary with your username, attempting to get to your data.  Complex passwords aren’t in the dictionary, and are harder to crack with other types of attacks as well. 

If you have a server in your office, changing your password can be easy.  Simply press ctrl-alt-del all at once.  If you see a change password button, click it and follow the instructions.  For machines without a server, the password can be changed in the control panel, under the users section.  It is especially critical for server based networks, as one password could protect access to your machine locally or remotely, as well as access to email or other data. 

Don’t put it on a sticky note underneath your keyboard either. 

Its not difficult to make an existing password meet complexity requirements, just change a lowercase letter to uppercase, through a symbol at the end, and your password becomes complex, and hopefully you can still remember it.  Changing it at least every 6 months or so is not a bad idea either.  Even if you don’t think you’re data is worth protecting, think of the damage it could do in the wrong hands.

Top 7 password mistakes:

Comment (0)

“Insanity: doing the same thing over and over again and expecting different results.” - Albert Einstein 

For those of you that are following the blog, you may be interested to know that I am writing this post from my new Latitude E4300. Overall, I am fairly impressed with the combination of speed and portability. Usually you have to sacrifice one for the other. But I will leave that review for a different post. For anyone who has purchased a computer from I.T.NOW in the past year, you will truly be amazed by my next confession. I am running Vista on my new laptop. I also must confess that this is my third attempt at converting to Vista. Rumor has it that there is currently a pool going on at I.T.NOW betting on when I will switch back to XP (email Jason if you want in on it).  So why do I run Vista when I tell all of my customers to steer clear of it? I guess it is just one of the things I have to know. I can walk anyone through pretty much all functions of XP without having a computer in front of me, so it is time to achieve that same level of familiarity with Vista. That and when I try to install XP on my laptop, the solid state disk appears to cause a blue screen, in spite of how many things I have tried (and I have sadly tried several times).

So, what am I doing differently this time to ensure that I get a different result and don’t go insane? Here are a few tips for those of you who for one reason or another are on the Vista bus.

·         Don’t complain about it in front of your Mac friends. They will just talk to you about the latest “I’m a Mac” commercial and make you regret your decision.

·         Feed the beast. If you don’t have 4GB of memory, upgrade. If you don’t have a video card, consider adding one. If you can use a faster hard drive (10,000 RPM Raptor or a Solid State Disk), you won’t regret the price.

·         Unvistafy Vista. Part of what makes Vista more secure than XP is all of the extra layers of security, which means you have to click a lot more than you would have to on an XP machine. The technician in me has to warn you that this will make Vista less secure. But you wish you had XP, so this isn’t that big of a deal. Wired Magazine has a great Wiki on some steps you can take to clean up Vista.

·         Relax. In less than two years, you will get to do it all over again with Windows 7

Comment (0)