Good and Bad Password Strategies for your Business
Project managers and engineers at technology management and computer services firms commonly wage a “battle of password policy” with the users and administration of the clients we serve. Information engineers must ensure the confidentiality and security of the technology infrastructure, which starts at the end user computer with a password. Most companies have a password policy, sometimes dictated by a compliance standard, other times an adopted standard with loose terms. However, a password requirement is only step number one.
No matter how strong a password policy you have, it won’t do any good if people just jot passwords down on paper and stick them to their monitors. Here are some aspects when it comes to secure passwords:
The Good:
1. Most people don’t fear passwords, they fear remembering passwords. Many users consider forgetting one embarrassing or a failure on their part. Never write a password down.
2. Good passwords have uppercase and lowercase letters. They can also contain numbers, spaces or even special characters such as &%$#. With this in mind, try taking a password you can remember and altering it to make it more complex. Example: (current password) matilda – (new password) M@tild@ or M@T1lda. This increases the security of the password exponentially.
3. Consider longer passwords. Use at least six to eight characters. M@tild@ would be good, but L0vEM@tild@ is much better!
The Bad:
1. Do not use plain English words by themselves (anything in a dictionary), such as ‘dog’. Consider something stronger, such as ‘p22sswo44rd’.
2. Do not use easily retrievable information by itself, such as your birthday, date of hire, kid’s birthday, phone number, etc.
3. Do not make the password too short, e.g. ‘bolt’.
4. Lastly, do not use the same password for every system or login.
If you really need assistance in remembering a password and must write something down, then do the following.
1. Write a sentence on a post-it note. For example purposes we will use “My daughter is two years old.”
2. Now (mentally) take the second letter of each word: “yaswel”
3. Lastly, take your birth date and add it to the end: “yaswel22”
4. Use capitalization to strengthen it further: “Yaswel22”
Using this example, all you have to remember is to use the second letter of each word and your birth date and not some obscure random password.
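The Good and Bad lists and the mnemonic steps above, written as a check that could run when a user picks a new password. This is an added example, not part of the original article: the function names are hypothetical, the word list and personal-data values are constructed, and the look-alike substitution check goes beyond the article's lists.

```python
import re

# Constructed sample data: a real check would load a full word list and the
# user's own directory attributes (birthday, hire date, phone number).
DICTIONARY = {"dog", "bolt", "password", "matilda"}
PERSONAL = {"03221984", "5550123"}
MIN_LENGTH = 6  # lower end of the article's "six to eight characters"

# Look-alike substitutions undone before the dictionary lookup (added check,
# not one of the article's rules).
LOOKALIKE = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s"})


def check_password(candidate, used_elsewhere=()):
    """Return the list of rules the candidate breaks (empty list = passes)."""
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append("too short")
    if not (re.search(r"[a-z]", candidate) and re.search(r"[A-Z]", candidate)):
        findings.append("needs uppercase and lowercase letters")
    lowered = candidate.lower()
    if lowered in DICTIONARY:
        findings.append("dictionary word by itself")
    elif lowered.translate(LOOKALIKE) in DICTIONARY:
        findings.append("dictionary word with look-alike substitutions")
    if candidate in PERSONAL:
        findings.append("personal information by itself")
    if candidate in used_elsewhere:
        findings.append("already used on another system")
    return findings


def mnemonic_password(sentence, birth_part):
    """Second letter of each word, plus the birth-date digits, capitalized."""
    words = re.findall(r"[A-Za-z]+", sentence)
    letters = "".join(w[1].lower() for w in words if len(w) > 1)
    return (letters + birth_part).capitalize()


if __name__ == "__main__":
    derived = mnemonic_password("My daughter is two years old.", "22")
    for pw in ["dog", "bolt", "matilda", "M@tild@", "L0vEM@tild@", derived]:
        print(f"{pw!r}: {check_password(pw) or 'passes'}")
```

M@tild@ is reported because undoing the substitutions gives back a dictionary word, while the longer L0vEM@tild@ and the mnemonic Yaswel22 pass.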
Finally, there are many choices for password management software nowadays which are much more reliable and secure than an Excel spreadsheet or writing them all down on notepad paper.
Have A WordPress Blog? This Is What You Must Know About Security
Setup Secure WordPress Blog in 1 step
WordPress blog security is not something most bloggers even consider when they start blogging to make money and yet it could be one of the most significant factors that will impact your success down the road.
But lost productivity and income while your blog is compromised or "hacked" are not the only problems you are faced with. There are a few more serious impacts to your overall business that unfortunately become obvious way too late.
Expert Consulting Expense. If your blog is a primary site and income generator, you simply have to have it properly restored and operational, and for most people that means finding a professional willing to do it for you. I can tell you first hand, as a security consultant, that it can get very expensive in a very short time. Expert consulting bills tend to increase fast and can end up being very expensive.
Ban by Search Engines. Unknown to most people, search engines do ban sites that have been identified as hacked. In many cases the owner of the site is blissfully unaware of the fact until someone lets him know about it. It can directly hurt your cash flow, as visitors who click on your link in search engine results are presented with a malware warning instead of being sent to your blog. You could have had new visitors, but instead you got lost opportunities.
Damaged reputation. If your blog is also used to represent you on the web, your reputation can be damaged in the eyes of potential customers just because your blog was defaced or, what is even worse, exploited and has malware on it. When your potential customers get infected, you can be damn sure that they will let others know about it!
Having a secure WordPress blog can be a simple 3-step process that, properly implemented, can mean the difference between blogging success and a trashed reputation. Choose what fits your needs.
Application Security - IT Risk Management
Application security risk management provides the optimal protection within the constraints of budget, law, ethics, and safety. Performing an overall Application Security risk assessment enables organizations to make wise decisions.
Web Servers - Application Security
Web servers are one of the most critical sources of Application Security risk to organizations. Performing an application security assessment and implementing security risk management is critical. Here are core points that pose a major security risk to Application Security:
Default configuration - Application Security
Web server default configurations that may not be secure leave unnecessary samples, templates, administrative tools, etc. open to attacks. Poor application security risk management leaves openings that let hackers take complete control over the Web server.
Databases - Application Security
Web sites and applications must be interactive to be useful, and there lies the risk… Web applications without sufficient application security allow hackers to attack their databases. Invalid input scripts lead to many of the worst database attacks. Comprehensive risk assessment may reveal steps to ensure application security.
Encryption - Application Security
Encryption reduces application security risks and losses when Web servers are breached. Even though a company’s Intranet server has greater vulnerability to attacks, encryption creates a lower relative risk.
Web Servers - Application Security
Web Servers are the most critical sources of Application Security risk for most companies. Performing application security assessment regularly and implementing security risk management reduces security risk for overall application security.
Databases - Application Security
Web sites and applications must be interactive to be useful, and there lies the risk… Web applications that do not perform sufficient application security validation allow hackers to attack their databases. Invalid input leads to many of the most popular attacks. Comprehensive risk assessment may reveal steps to ensure application security.
Default configuration - Application Security
Web server default configurations often leave important information, templates and administrative tools unsecured and open to attacks. Inappropriate application security risk enables hackers to gain control over the Web server and your company’s Application Security. The bright side is that there are powerful application security solutions to combat them.

