Serious Security

  • Comments posted to this topic are about the item Serious Security

  • I think that security is the duty of all involved from end-user to developer. However, one thing to consider in the economics of security is the annoyance and cost of too much security. There is a balance and going overboard will likely drive a bunch of users away.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events

  • I work with one client which has so many layers of security and training to access their network, it has taken me 2 days on occasion to even gain access to what I need. There's education and online training, dire warning of consequences of misuse etc etc.

    Unfortunately the effect is that people tend to quietly share account details simply to get the job done. I guess it's a tricky balance. I'm pretty disciplined but probably even then, I know, not as rigorous as I might be.

  • I use Keepass for storing my passwords; it is the only way to remember them all.

    For example, password for my Gmail acc. is 56 characters long and I'm changing it every 2 months.

    I use shorter passwords for forums, it's all about priorities.

    -------------------------------------------------------------
    "It takes 15 minutes to learn the game and a lifetime to master"
    "Share your knowledge. It's a way to achieve immortality."

  • Hey Steve,

    Great post on security! I do use password safe here at work religiously, but I was curious if there was something out there that does the same thing on a mobile device (i.e. idevice, droid, etc.)? Does anyone know the good ones from the crapware out there?

    Thanks!

    B.J. Fentress

    @bjfentress

  • We have a credit card application that requires password complexity and that it be changed every 90 days and I imagine all of them are required to do this because of regulations deep in the bowels of the PCI compliance documentation. If I can find a software that doesn't require this, I'll switch. In the meantime, a post-it note is nearby (though not stuck to the monitor). Ditto for our banking software (that only allows deposits...no check writing allowed).

    The human factor will always override the digital factor.

  • It seems to me that a big factor in this is just password fatigue. We have so many passwords "protecting" things from the very important like bank accounts and company data to trivial things like this forum, frankly, and other such stuff. Of course, some passwords are to protect the user and some are to protect the data provider. Personally, I am far less conscious about passwords when it is to protect the provider for knowledge bases, etc.

  • bj_fentress (1/17/2013)


    Hey Steve,

    Great post on security! I do use password safe here at work religiously, but I was curious if there was something out there that does the same thing on a mobile device (i.e. idevice, droid, etc.)? Does anyone know the good ones from the crapware out there?

    Thanks!

    B.J. Fentress

    @bjfentress

    I use pwsafe on iOS. It syncs with my Password Safe on laptop/desktop with Dropbox.

    There's a few here: http://pwsafe.org/relatedprojects.shtml

  • Awesome! I will check it out! Thanks!

  • 1password from https://agilebits.com/onepassword. I have it on my work computer, home PC and desktop, android phone. And it is updated between all three computers automatically.

    It will give you a randomly generated password and is used directly in the browser (Firefox, Chrome and IE).

    I've used it for the past three years. Supports PC, Mac, Android and iOS.

  • D.Oc (1/17/2013)


    I use Keepass for storing my passwords; it is the only way to remember them all.

    For example, password for my Gmail acc. is 56 characters long and I'm changing it every 2 months.

    I use shorter passwords for forums, it's all about priorities.

    Same here, and you can't beat the price either. :-D

    "Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"

  • Barry Wright-268269 (1/17/2013)


    It seems to me that a big factor in this is just password fatigue. We have so many passwords "protecting" things from the very important like bank accounts and company data to trivial things like this forum, frankly, and other such stuff.

    Frankly just about the only reason to have a unique password at a site like this one, is so that it's not reused elsewhere where the password is important. That way if this site has bad practices or a disgruntled employee, nothing important is compromised.

    I wish this site used OpenID so that there'd be one less site to remember.

  • Any time someone brings up password security I always think of this XKCD commentary



    ----------------
    Jim P.

    A little bit of this and a little byte of that can cause bloatware.

  • Jim P. (1/17/2013)


    Any time someone brings up password security I always think of this XKCD commentary

    Except that for a site that you visit once a week, let alone once a month or once a year, you haven't memorized it, you've forgotten all about it. It may have taken you an hour of looking around to even FIND the site, you aren't going to remember the password, unless of course it's the password you use everywhere else.

    Which is the advantage of OpenID -- you don't have to remember the password, you just have to be using the same OpenID provider as you were a year ago.

    Password safes are fine, but they may not be trusted -- or used frequently enough to be considered worthwhile.

  • john.moreno (1/17/2013)


    Except that for a site that you visit once a week, let alone once a month or once a year, you haven't memorized it, you've forgotten all about it. It may have taken you an hour of looking around to even FIND the site, you aren't going to remember the password, unless of course it's the password you use everywhere else.

    I use XMarks for most of the web.

    My problem is when you get into some of these sites -- you have to have a capital, a number and a character. Then they advertise you can access them from a phone app. But you are restricted from saving the password, or even the strange login name that you have to use that is totally separated from your e-mail account or your typical user id.

    I have over five credit cards, a mortgage, a car loan, my work's website, more than seven SQL and other forums that I participate in. I also have my own website.

    I'm smart enough to group my passwords from financial, to e-mail to forums, etc. But I still have locked myself out so hard that a fin site had to send me a snail-mail to unlock my account.



    ----------------
    Jim P.

    A little bit of this and a little byte of that can cause bloatware.
