The importance of password expiration is an interesting topic for me. It’s all over the place online – and rightfully so. There are tons of questions floating around out there: what is the best duration for a password, should it be the same expiration rate for each user, is password expiration beneficial? It can sometimes be a bit overwhelming to look at. That being said, there are also areas surrounding the importance of password expiration that are somewhat debated (much like the last question above). In that regard, I would like to take a look at an older article I found interesting and debate some of the claims therein. Catch up after the jump!
Friday, May 15, 2015
Wednesday, May 13, 2015
Password Policy Best Practices | 4 Ways Being Hacked Educated Me
Here at HackerAttacker, we talk a lot about how to protect yourself from hackers of all shapes and sizes (or colors, as it were). What we rarely talk about is what it is like to actually be hacked. There are countless examples of various individuals being hacked (and we’ve talked a lot about some big company hacks as well), so you know it isn’t some rare occurrence. Today, I’m going to talk about some password policy best practices I learned from being hacked myself, and how the experience changed the way in which I approach my online security.
Friday, May 8, 2015
Password Generator Using Words | Things to Know
We all know that hackers are out there and the worst of the lot want the key to our castle. In today’s world of online banking and VPN access to corporate accounts, there are many who say we are still using the wrong type of ‘key’: one that is easily stolen and/or copied. The password is still around though, for better or worse (though Microsoft is working on changing that soon), and with it come the typical issues of forgotten passwords and account lockouts. With the average help desk call costing around $25-$30 per call, a simple solution would be welcome in most environments. Instead of just your typical self-service password reset solution, why not take a look at a password generator using words that the user has previously set? If you are interested in reducing help desk costs and empowering your users, read on after the jump!
Wednesday, May 6, 2015
What Star Wars Taught Me About Information Security
A belated May the 4th to all of you Star Wars fans out there! If you’ve never seen Star Wars: A New Hope, then beware: spoilers ahead (also, you should go watch that. Seriously, go now. We can talk after). Obviously, one of our favorite topics here at HackerAttacker is security in all its shapes and forms. We’ve talked about various hackers, how to hack the government, and even how hacking is like picking a lock. One thing that I never really take into consideration, however, is how much security is thrown in our faces throughout pop culture. I’m not just talking about advanced techniques seen in movies like Mission Impossible or James Bond; I’m talking about popular culture both old and new. Specifically, how Star Wars taught me more about information security than most any actual course or class ever could.
Monday, May 4, 2015
Simple USB Token Logon | Secure Authentication
Passwords. Did you even read that word? Passwords are such a staple of everyday life now that we hardly even recognize when the word even plants itself in front of us. Half of the time, a website asks us to enter a username or ID and we immediately fill the blank space beneath it with a password. We don’t even think about it. That’s just the way things are now, especially with people. Don’t you think it would be nice if you could log in without a password though? Sure, it sounds simple, but what about the fallout surrounding the security vulnerabilities inherent in using no password? Let’s talk about that after the jump!
Friday, May 1, 2015
Preventing Phishing Attacks | How to Protect Your Information Online
To this day, entering personal information online makes many of us feel uneasy. In fact, I sometimes find myself paying certain bills by submitting a hand-written check through the mail. In a personal attempt to prevent phishing attacks, it makes sense. Now, some may call this old-fashioned method a waste of time. Maybe it's even being too paranoid or merely an under-utilization of technology’s modern-day user experience. What can I say, old-fashioned ways tend to have a better ability to prevent phishing attacks!