Computer Security Education Without the Caffeine

I am a big fan of podcasts; I listen to them as I drive across Wisconsin. Mostly, I listen to podcasts related to my hobbies (Daily Giz Wiz, Grammar Girl, and Endurance Planet). But there are a few podcasts that are educational. One of them is Security Now, a podcast discussing various aspects of computer security.

Now, the only thing I find more boring than computer security seminars is compliance training.  But it really does not have to be that way.  It is fascinating and scary to understand how people are exploiting the Internet, networks and the desktop for nefarious purposes.  Security Now keeps me interested and helps me ask good questions about our preparations to prevent various threats.  Check it out.

Password Madness

Passwords are such a weak security mechanism. It is so typical for people to use one or two passwords for every online account they have. If someone gets that password (perhaps a sysadmin at a web site that you use) they could use it to open all kinds of doors.

Having recognized that, I am not a big fan of web sites that try to prevent that. Today I was reviewing an account I have with GMAC Finance. They require a password with two numeric characters. I cannot imagine anything with two numbers that I can easily remember, especially at a site that I visit infrequently.

However, I can top that. Ministry’s Retirement Savings vendor, Diversified Investment Advisors, requires an 8 character user name. What is the sense in that? I can see an 8 character password, but the user name is the part that should be really easy to remember.

In the hospitals we have hundreds of applications. Buying products that plug into our Active Directory authentication scheme is becoming more and more critical. Asking your users to remember a lot of complex passwords that change frequently will result in people writing down passwords in places they can find them.