• Lessons from the recent RSA security conference

    Home » Forums » Newsletter and Homepage topics » Lessons from the recent RSA security conference

    Author
    Topic
    #499812


    ON SECURITY[/size][/font]

    Lessons from the recent RSA security conference[/size]

    By Michael Lasky

    The ongoing fight against malware infections is waged on many fronts, as was made clear at this year’s RSA conference, held last month in San Francisco, California. But the best practices for protecting ourselves from online treat remains much the same: maintain strong passwords and be careful what you click.


    The full text of this column is posted at WindowsSecrets.com/on-security/lessons-from-the-recent-rsa-security-conference/ (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.[/td]

    [/tr][/tbl]

    Viewing 8 reply threads
    Author
    Replies
    • #1503355

      Ideally, you should change critical passwords every three months.

      But no one can ever explain why.

      Is it to thwart the hacker who’s been trying to crack my password for 2 months 29 days?

    • #1503418

      I think its for the case where hacker has obtained your password from someplace like a website Security breach unbeknownst to you.

      Jerry

      • #1503430

        I think its for the case where hacker has obtained your password from someplace like a website Security breach unbeknownst to you.

        … and has chosen not to use it for up to three months?

      • #1504039

        :flee: Let me barge in here with both arms flailing!
        The whole change your password every xxxx for a corporate policy seems to me to be a bit counter productive, add a 15 digit minimum and you get scribbles under the keyboard. In my case I had a perfectly service able system to make an 13 character password to log onto an internal company computer. After a breach in the system via a VPN account (to which the change password scheme made better address) we had to make a 15 character password with at least 1 cap, 1 lowercase, 1 digit and 1 special. For last several months logging in I used 1111111111!Qqqq then when forced to change I used a different digit . Followed the company policy. Easy enough to remember but hardly as secure as my own system.

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
        • #1504055

          The whole change your password every xxxx for a corporate policy seems to me to be a bit counter productive, add a 15 digit minimum and you get scribbles under the keyboard.

          Agreed; extremely counter-productive.

          The only possible justification I’ve ever been able to recognize is that in some situations where a group of staff perform similar functions it can discourage password sharing.

          Otherwise, when someone forgets their password it’s too tempting to borrow their colleague’s rather than bother to get it reset which can be inconvenient.

          With forced password changes every one or three months, knowing your friend’s password for emergencies becomes more difficult.

          For regular users and personal use, I think it achieves absolutely nothing (but auditors like it as an item to flag).

    • #1503443

      They could be using it at any time without your knowledge. I don’t use this rule myself. I’m just speculating on why its recommended by some.

      Jerry

    • #1503447

      … as they could be on day one of your new password.

    • #1503525

      Something rules out a security breach after you change a password? :confused:

      • #1503529

        I’m referring to the several computer breach’s at places like Target where User IDs and passwords have been stolen. Its not a perfect defense but if your password is changed (even though you may not be aware of the breach) before its sold, it may block access to your account(s).

        Jerry

    • #1503531

      I think the most important rule right now, about online passwords, is never to use the same password for a different website. Ever. That makes breaches rather irrelevant, in terms of accessing other accounts from the same user.

      • #1503534

        I think the most important rule right now, about online passwords, is never to use the same password for a different website. Ever. That makes breaches rather irrelevant, in terms of accessing other accounts from the same user.

        I fully agree with this. This discussion about changing passwords on a regular basis is rather pointless. I was just trying to point out a rational for it. It doesn’t cover many cases and is just a tiny extra layer of protection that I personally don’t use. I’m done commenting on it.

        Jerry

    • #1503532

      In the Target data breach, the Hackers penetrated Target’s servers and the breach was repaired. The User Ids and passwords remain for sale today. There are several other cases.

      Jerry

    • #1503535

      Brian Krebs’ blog section on data breaches is worth reading.

      • #1503539

        Does any one remember that early last year RSA “GAVE” their latest 4096 code to the NSA???

        If you think that your encrypted messages are unbreakable–think again!!!!

    • #1504316

      it can discourage password sharing.

      Ok I can see that. Bio metrics on the way ~~~~~~~~~~~~~

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
    Viewing 8 reply threads
    Reply To: Lessons from the recent RSA security conference

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: