Monthly Archives: September 2012

Good Password Practices

Use different passwords for your computer and for your online services, and segment your online service passwords by category, or keep them altogether different. I have seen a number of systems for doing this; some bad, some mediocre, and some extremely sophisticated. My favorite involves a root password that varies with the year and with the kind of account: email, social media, banking, low security, etc.

It is good practice to change passwords on a regular basis and to avoid simple passwords, especially those that are easily guessed. It is debatable whether enforced, frequent changes of complicated passwords are always constructive: if you have a tendency to write your passwords down and hide them under the keyboard, you trade a security vulnerability for a social engineering vulnerability.

If a criminal guesses or cracks one of your passwords, using different passwords for other services and for your system passwords considerably limits the damage that he or she can do. If, on the other hand, you use the same password for all of your accounts, you run the risk that one lucky guess will give the criminal the keys to the kingdom. One of the reasons that trivial accounts are sometimes phished is that they give a cracker a head start on guessing the password for other, more profitable accounts.
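The two habits the post warns against, one password shared across services and trivially guessable passwords, can be checked mechanically. The script below is an added example, not code from the post or from TRA Consulting: it audits a small, constructed inventory of service/password pairs, reports which services share a password (so that one lucky guess or one breached site would expose the others), and flags passwords that are short, single-class or on a tiny constructed "common passwords" list (a real audit would use a full breach list). The inventory, the common-password list and the 12-character minimum are assumptions for illustration.

```python
"""Audit a password inventory for reuse across services and for weak passwords.
Added example, not the post's own code; all sample data below is constructed."""
from collections import defaultdict

# Constructed: a few entries of the kind that top every public breach list.
# Assumption: a real check would load a much larger list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "abc123"}

# Constructed sample inventory: service -> password.
INVENTORY = {
    "email":    "Tr0ub4dor&3-2012",
    "bank":     "Tr0ub4dor&3-2012",                  # same as email
    "forum":    "password",                           # trivially guessable
    "social":   "Correct-Horse-Battery-Staple-2012",
    "shopping": "Tr0ub4dor&3-2012",                  # same again
}


def find_reuse(inventory):
    """Return {password: [services]} for every password used by more than one service."""
    by_password = defaultdict(list)
    for service, pw in inventory.items():
        by_password[pw].append(service)
    return {pw: sorted(svcs) for pw, svcs in by_password.items() if len(svcs) > 1}


def is_weak(password, min_length=12):
    """True if the password is on the common list, too short, or uses
    fewer than three character classes (lower, upper, digit, other)."""
    if password.lower() in COMMON_PASSWORDS:
        return True
    if len(password) < min_length:
        return True
    classes = sum(1 for test in (str.islower, str.isupper, str.isdigit)
                  if any(test(c) for c in password))
    if any(not c.isalnum() for c in password):
        classes += 1
    return classes < 3


def audit(inventory):
    """Return {'reused': {password: [services]}, 'weak': [services]}."""
    return {
        "reused": find_reuse(inventory),
        "weak": sorted(s for s, pw in inventory.items() if is_weak(pw)),
    }


if __name__ == "__main__":
    report = audit(INVENTORY)
    # Print the affected services only; never echo the passwords themselves.
    for services in report["reused"].values():
        print(f"shared password across {services}: a breach of one exposes the rest")
    for service in report["weak"]:
        print(f"{service}: weak password, replace it")
```

On the constructed inventory the audit reports that email, bank and shopping share one password and that the forum password is weak; the other two pass. The report deliberately prints service names rather than passwords, so its output can be kept without becoming a password list of its own.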

You may find this SANS newsletter on keeping your passwords safe interesting and useful: http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201105_en.pdf.

TRA Consulting, Inc.
375 Redondo Avenue #153
Long Beach, CA 90814


Do you need administrative privileges?

Use an account on your computer that does not have administrative privileges, to reduce the likelihood of installing malware and of making severe, catastrophic changes to your system. Password protect the “administrator” account, and create a “limited” user account for daily use.

Most system administrators adhere to the principle of “least privilege”. That is, users should only be given the least amount of access and privilege necessary to perform their duties. The more privilege a user has, the more damage that user can do, intentionally or unwittingly.

If you happen to run a small business with a file server, or a workstation acting as a file server, and you have not limited your users’ access to critical data, you have a ticking time bomb waiting to go off. Run through a scenario of what would happen if all of your data were wiped out. Is your data backed up? Do you have redundancy? In this scenario some organizations would cease to operate; in other cases an organization’s operations would be severely crippled. Don’t be that organization. Contact TRA for a free consultation and analysis.
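Before trusting a “limited” account for daily use, it is worth confirming which local accounts actually hold administrative privilege. The script below is an added example, not code from the post or from TRA Consulting: it reads text in the format of the Linux `/etc/passwd` and `/etc/group` files (constructed inline here so it runs anywhere; point it at the real files to audit a host) and reports every account that is root-equivalent by uid 0, whatever its name, or a member of an administrative group. The set of administrative group names is an assumption that varies by distribution, and the check ignores primary-group membership from the passwd gid field. On Windows the equivalent check is the membership of the local Administrators group (`net localgroup Administrators`).

```python
"""List administrative accounts so that a daily-use account can be confirmed
to be 'limited'. Added example, not the post's own code; the sample passwd and
group text below is constructed."""

# Assumption: groups that confer administrative rights on common Linux systems.
ADMIN_GROUPS = {"sudo", "wheel", "admin", "root"}

# Constructed sample data in /etc/passwd and /etc/group format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:0:1002:Carol:/home/carol:/bin/bash
daily:x:1003:1003:Daily use:/home/daily:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice
wheel:x:10:bob
users:x:100:alice,bob,daily
"""


def parse_passwd(text):
    """Return {user: uid} from passwd-format text, skipping malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users


def parse_group(text):
    """Return {group: set(members)} from group-format text (supplementary members only)."""
    groups = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4:
            groups[fields[0]] = {m for m in fields[3].split(",") if m}
    return groups


def admin_accounts(passwd_text, group_text):
    """Return {user: reason} for every administrative account: uid 0 (root-equivalent
    even under another name, a classic backdoor) or membership of an admin group."""
    admins = {}
    for user, uid in parse_passwd(passwd_text).items():
        if uid == 0:
            admins[user] = "uid 0"
    for group, members in parse_group(group_text).items():
        if group in ADMIN_GROUPS:
            for member in members:
                admins.setdefault(member, f"member of {group}")
    return admins


def limited_accounts(passwd_text, group_text):
    """Accounts that hold no administrative privilege and so suit daily use."""
    admins = admin_accounts(passwd_text, group_text)
    return sorted(u for u in parse_passwd(passwd_text) if u not in admins)


if __name__ == "__main__":
    for user, reason in sorted(admin_accounts(SAMPLE_PASSWD, SAMPLE_GROUP).items()):
        print(f"{user}: administrative ({reason})")
    print("limited accounts:", limited_accounts(SAMPLE_PASSWD, SAMPLE_GROUP))
```

On the constructed data, `root` and `carol` are flagged by uid 0 (carol is a second root-equivalent account that a name-only check would miss), `alice` and `bob` by group membership, and only `daily` qualifies as a limited account. To audit a real host, pass the contents of `/etc/passwd` and `/etc/group` in place of the sample strings.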
