<?xml version="1.0" encoding="utf-8"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Eddie Awad’s Blog - Latest Comments in Top ten tips for better password management</title><link>http://awads.disqus.com/</link><description>News, views, tips and tricks on Oracle and other fun stuff</description><atom:link href="https://awads.disqus.com/top_ten_tips_for_better_password_management/latest.rss" rel="self"></atom:link><language>en</language><lastBuildDate>Mon, 28 Jul 2008 18:52:08 -0000</lastBuildDate><item><title>Re: Top ten tips for better password management</title><link>http://awads.net/wp/2006/05/16/top-ten-tips-for-better-password-management/#comment-3658576</link><description>&lt;p&gt;Good points Marvin.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Eddie Awad</dc:creator><pubDate>Mon, 28 Jul 2008 18:52:08 -0000</pubDate></item><item><title>Re: Top ten tips for better password management</title><link>http://awads.net/wp/2006/05/16/top-ten-tips-for-better-password-management/#comment-3658575</link><description>&lt;p&gt;There is a fundamental problem with password security which is epitomised in these rules/tips, it assumes that users are normal people. They aren't! They have no idea of the work that is needed to recover from a password compromise attack, no knowledge of the risk to their business of data loss or theft, not a clue on what to do to limit the damage caused by an electronic break in.&lt;/p&gt;&lt;p&gt;Why Should They? They are the users. That is what the Sysadmin does.&lt;/p&gt;&lt;p&gt;Thus I have a problem with tip 8. The automatic forcing of password changes every XX days is a bad practice. As is complexity management ie making people use very high complexity passwords on a regular changing cycle. If this is really essential then companies should look for another method of security management such as CHAP or Biometrics. &lt;br&gt;Forcing users to change passwords every xx days increases the chance of weak passwords. 
High complexity password increases the chance of the passwords being written down.&lt;/p&gt;&lt;p&gt;A far better method of good password management is EDUCATION!!! teach users to use sensible good passwords. Work with the users to ensure that they choose sensible passwords that are secure, manageable and above all private.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Marvin</dc:creator><pubDate>Mon, 28 Jul 2008 07:17:10 -0000</pubDate></item><item><title>Re: Top ten tips for better password management</title><link>http://awads.net/wp/2006/05/16/top-ten-tips-for-better-password-management/#comment-3658574</link><description>&lt;p&gt;Password is very important. And it should not be stored in computer. There are many different passwords for me. It is hard to remember all. So what I do with the password. I converted my passwords into my own codes and write them down on my small book. Even someone see my book but they could not understand the codes.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">LookingSoftware</dc:creator><pubDate>Fri, 18 Apr 2008 10:32:56 -0000</pubDate></item><item><title>Re: Top ten tips for better password management</title><link>http://awads.net/wp/2006/05/16/top-ten-tips-for-better-password-management/#comment-3658573</link><description>&lt;p&gt;A bit agree, Mr Awads, but I think we should perform a 'small risk assessment first' into the area that consider as high security risk or lower security risk. 
The higher security risk need higher password management too.&lt;/p&gt;&lt;p&gt;For better password management using &lt;a href="http://passwordsafe.sourceforge.net/" rel="nofollow noopener" target="_blank" title="http://passwordsafe.sourceforge.net/"&gt;http://passwordsafe.sourcef...&lt;/a&gt; is recommended&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Anjar Priandoyo</dc:creator><pubDate>Tue, 26 Feb 2008 22:13:01 -0000</pubDate></item><item><title>Re: Top ten tips for better password management</title><link>http://awads.net/wp/2006/05/16/top-ten-tips-for-better-password-management/#comment-3658572</link><description>&lt;p&gt;Regarding number 4, where I work, I am forced to change my Windows logon password every three months. This is more like &lt;i&gt;force &lt;/i&gt;than &lt;i&gt;foster&lt;/i&gt;. But I'm fine with it because it definitely is more secure that way. It is more hassle for me, but more secure for the company. After all, it's always a compromise.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Eddie Awad</dc:creator><pubDate>Wed, 17 May 2006 15:25:54 -0000</pubDate></item><item><title>Re: Top ten tips for better password management</title><link>http://awads.net/wp/2006/05/16/top-ten-tips-for-better-password-management/#comment-3658571</link><description>&lt;p&gt;All good advice, but a list of do's and don'ts is no way to "foster a culture" of anything - either users will take the advice on board or they will give up because it's all too difficult.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;The exceptions are tips #3 and #10, which are things the company needs to do to foster a culture of security. 
In lieu of #10, #9 is probably a necessity but even that will not foster a culture of secure password management.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Jeff Kemp</dc:creator><pubDate>Wed, 17 May 2006 01:50:06 -0000</pubDate></item><item><title>Re: Top ten tips for better password management</title><link>http://awads.net/wp/2006/05/16/top-ten-tips-for-better-password-management/#comment-3658570</link><description>&lt;p&gt;areyoukidding, are you kidding me? You're free to store your passwords wherever you want, but I would never store my passwords in &lt;b&gt;plain text&lt;/b&gt; either on paper or in a file on a computer.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;The main reason I use a software program to manage my passwords is because of &lt;b&gt;password encryption&lt;/b&gt;. So, even if someone gains access to my password file, that person will not be able to read my passwords.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Eddie Awad</dc:creator><pubDate>Tue, 16 May 2006 21:19:15 -0000</pubDate></item><item><title>Re: Top ten tips for better password management</title><link>http://awads.net/wp/2006/05/16/top-ten-tips-for-better-password-management/#comment-3658569</link><description>&lt;p&gt;With all the corruption we hear about these days between governments and software and web companies, I'm not so sure I'd trust storing all of my passwords in any sort of software.  I say, think pen and paper, write that shit down and lock it up.  If you can't remember one of your dozens of passwords be sure NOT to forget the combination to your safe and go look it up.   But I assure you, if you store your password in a file on your computer, someone, sometime or another will hack that shit.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">areyoukidding</dc:creator><pubDate>Tue, 16 May 2006 16:33:01 -0000</pubDate></item></channel></rss>