Saturday, February 28, 2009

Secure your business on the web

This is the title of a seminar I give to small businesses to demystify the web and clarify what web security really is.

Security covers a broad range of topics, which can all be gathered under the heading: protection against loss.

Loss of what? Anything of value to your business, and that means loss of revenue and/or profit.

Let's look at passwords.

My business, Autograff, develops websites and web applications for individuals and businesses. We administer some of our own servers, so we have a good idea of the skill level of hackers and malicious programmers: world-class, top-shelf, creative, intuitive, and motivated by the prospect of relatively large amounts of income.

One of our webservers recently survived a ten-hour password-guessing attack originating in China. Ten hours of really smart programmers trying to guess our passwords!

That's probably not your usual experience, but the more successful your business is on the web, the more it gets noticed, and the more likely it will come under fire.

No need to run screaming to the door; just learn how to create and maintain good passwords. It's not rocket science, it's not even bookkeeping. It's just a little thought based on a little knowledge and some record keeping policies.

Many people, maybe most, use short, convenient passwords so they can remember them.

Take this little test. See how many of these apply to you:
  1. I use the same password for everything.
  2. I use a family member's birthday as my password.
  3. I use my pet's name.
  4. I use my boat's name.
  5. I use the password they emailed to me.

If any of these apply to you, you might want to think about changing your password policies.

1. I use the same password for everything

This is convenient. Why wouldn't you? The reason is that many, many websites that require a login will email you your username and password after you sign up, or if you forget your password. What's wrong with that? Emails aren't private! They're like postcards: anyone who knows how can read them. There are programs hanging around in cyberspace called "sniffers" that read passing emails and scan them for the words "username" and "password." Autograff makes it a policy never to send passwords in an email, and we recommend this strongly to all our clients.

If you use the same password for your email address and for your Google account, and for your church's online membership site, you have left a trail of crumbs for a hacker to follow to get your email password. Email is the heart of identity on the web. Every email address is unique. If you forget your password to a site, it's your email address they use as your guarantee of identity.

If your email password is weak, it's less secure. If someone gets your email password, they can log in to all your sites: your domain registration with GoDaddy, your blog, even your stock management site. They just use the "forgot password" feature, and the site emails you (and them) your password, or a password reset link.
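As an added example (not from the original post), here is the five-item test above turned into a small self-audit in Python: given a constructed list of site passwords, a few personal facts, and the passwords that ever arrived by email, it flags each habit, including the emailed signup password that was never changed. Every site name, password and fact in it is made up for the illustration.

```python
from collections import defaultdict

# Constructed sample data for the illustration (not real accounts).
CREDENTIALS = {
    "email": "Rover1972",
    "domain-registrar": "Rover1972",   # same password as email: habit 1
    "bank": "SeaBreeze!",              # boat name: habit 4
    "church-site": "Welcome123",       # password the site emailed at signup: habit 5
}

# Facts a visitor or a social-media profile would reveal (also constructed).
PERSONAL_FACTS = {
    "pet": ["Rover"],
    "boat": ["Sea Breeze"],
    "birthday": ["1972-03-14"],        # ISO date; common digit layouts derived below
}

EMAILED_PASSWORDS = {"Welcome123"}     # passwords that ever travelled in plain email

def date_fragments(iso_date):
    """Return the ways a birthday typically gets typed into a password."""
    y, m, d = iso_date.split("-")
    return {y, y[2:], m + d, d + m, y + m + d, m + d + y, d + m + y[2:]}

def audit(creds, facts, emailed):
    """Map each site to the list of risky habits its password exhibits."""
    findings = defaultdict(list)
    # Habit 1: the same password on more than one site.
    by_password = defaultdict(list)
    for site, pw in creds.items():
        by_password[pw].append(site)
    for sites in by_password.values():
        if len(sites) > 1:
            for site in sites:
                others = ", ".join(s for s in sites if s != site)
                findings[site].append("reused on: " + others)
    for site, pw in creds.items():
        # Habit 2: a family member's birthday, in any common digit layout.
        if any(f in pw for bd in facts["birthday"] for f in date_fragments(bd)):
            findings[site].append("contains birthday fragment")
        # Habits 3 and 4: pet or boat name, ignoring case and spaces.
        for kind in ("pet", "boat"):
            if any(n.replace(" ", "").lower() in pw.lower() for n in facts[kind]):
                findings[site].append(f"contains {kind} name")
        # Habit 5: still using the password that arrived by email.
        if pw in emailed:
            findings[site].append("still the password that was emailed at signup")
    return dict(findings)
```

Running `audit(CREDENTIALS, PERSONAL_FACTS, EMAILED_PASSWORDS)` flags all four sample sites; a clean credential list returns an empty dict.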

Play hard to get.

Use different passwords for different purposes. Here's how to decide: The more valuable the content of the site is, the more valuable your password is. The challenge is to make it easy for you to remember and hard for others to guess.

Here's one way to create a secure password.
  1. Free-associate on your hobbies or a vacation or your favorite music, and pick two words that flow through your mind.
  2. Let's say you've chosen Bahamas and Sushi.
  3. Start by putting them together: BahamaSushi
  4. That alone is easy to remember, once you've said it a couple of times.
  5. Choose a couple of numbers. Is your favorite number 8?
  6. Throw it in there: Bahama8Sushi8
  7. You notice those three a's? What number do they remind you of? I see a backwards 6. (OK, I'm a designer; I see things.) Let's try those:
  8. B6h6m68Sushi8
  9. You've got a good one. Those 6's work well; you could scrap the 8's and add something else. Some sites require you to add punctuation to make it harder to guess.
  10. B6h6m6Sushi!
Not bad! Type it a couple of times and you'll get the hang of it.

Write it down and put it in a safe place: not taped to your computer!

Oh, and remember, don't actually use B6h6m6Sushi! Make your own!

Next time: policies in the workplace.
