Search Results

Search found 13256 results on 531 pages for 'password policy'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 19/531 | < Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >

  • [GEEK SCHOOL] Network Security 1: Securing User Accounts and Passwords in Windows

    - by Matt Klein
    This How-To Geek School class is intended for people who want to learn more about security when using Windows operating systems. You will learn many principles that will help you have a more secure computing experience and will get the chance to use all the important security tools and features that are bundled with Windows. Obviously, we will share everything you need to know about using them effectively. In this first lesson, we will talk about password security; the different ways of logging into Windows and how secure they are. In the proceeding lesson, we will explain where Windows stores all the user names and passwords you enter while working in this operating systems, how safe they are, and how to manage this data. Moving on in the series, we will talk about User Account Control, its role in improving the security of your system, and how to use Windows Defender in order to protect your system from malware. Then, we will talk about the Windows Firewall, how to use it in order to manage the apps that get access to the network and the Internet, and how to create your own filtering rules. After that, we will discuss the SmartScreen Filter – a security feature that gets more and more attention from Microsoft and is now widely used in its Windows 8.x operating systems. Moving on, we will discuss ways to keep your software and apps up-to-date, why this is important and which tools you can use to automate this process as much as possible. Last but not least, we will discuss the Action Center and its role in keeping you informed about what’s going on with your system and share several tips and tricks about how to stay safe when using your computer and the Internet. Let’s get started by discussing everyone’s favorite subject: passwords. The Types of Passwords Found in Windows In Windows 7, you have only local user accounts, which may or may not have a password. For example, you can easily set a blank password for any user account, even if that one is an administrator. The only exception to this rule are business networks where domain policies force all user accounts to use a non-blank password. In Windows 8.x, you have both local accounts and Microsoft accounts. If you would like to learn more about them, don’t hesitate to read the lesson on User Accounts, Groups, Permissions & Their Role in Sharing, in our Windows Networking series. Microsoft accounts are obliged to use a non-blank password due to the fact that a Microsoft account gives you access to Microsoft services. Using a blank password would mean exposing yourself to lots of problems. Local accounts in Windows 8.1 however, can use a blank password. On top of traditional passwords, any user account can create and use a 4-digit PIN or a picture password. These concepts were introduced by Microsoft to speed up the sign in process for the Windows 8.x operating system. However, they do not replace the use of a traditional password and can be used only in conjunction with a traditional user account password. Another type of password that you encounter in Windows operating systems is the Homegroup password. In a typical home network, users can use the Homegroup to easily share resources. A Homegroup can be joined by a Windows device only by using the Homegroup password. If you would like to learn more about the Homegroup and how to use it for network sharing, don’t hesitate to read our Windows Networking series. What to Keep in Mind When Creating Passwords, PINs and Picture Passwords When creating passwords, a PIN, or a picture password for your user account, we would like you keep in mind the following recommendations: Do not use blank passwords, even on the desktop computers in your home. You never know who may gain unwanted access to them. Also, malware can run more easily as administrator because you do not have a password. Trading your security for convenience when logging in is never a good idea. When creating a password, make it at least eight characters long. Make sure that it includes a random mix of upper and lowercase letters, numbers, and symbols. Ideally, it should not be related in any way to your name, username, or company name. Make sure that your passwords do not include complete words from any dictionary. Dictionaries are the first thing crackers use to hack passwords. Do not use the same password for more than one account. All of your passwords should be unique and you should use a system like LastPass, KeePass, Roboform or something similar to keep track of them. When creating a PIN use four different digits to make things slightly harder to crack. When creating a picture password, pick a photo that has at least 10 “points of interests”. Points of interests are areas that serve as a landmark for your gestures. Use a random mixture of gesture types and sequence and make sure that you do not repeat the same gesture twice. Be aware that smudges on the screen could potentially reveal your gestures to others. The Security of Your Password vs. the PIN and the Picture Password Any kind of password can be cracked with enough effort and the appropriate tools. There is no such thing as a completely secure password. However, passwords created using only a few security principles are much harder to crack than others. If you respect the recommendations shared in the previous section of this lesson, you will end up having reasonably secure passwords. Out of all the log in methods in Windows 8.x, the PIN is the easiest to brute force because PINs are restricted to four digits and there are only 10,000 possible unique combinations available. The picture password is more secure than the PIN because it provides many more opportunities for creating unique combinations of gestures. Microsoft have compared the two login options from a security perspective in this post: Signing in with a picture password. In order to discourage brute force attacks against picture passwords and PINs, Windows defaults to your traditional text password after five failed attempts. The PIN and the picture password function only as alternative login methods to Windows 8.x. Therefore, if someone cracks them, he or she doesn’t have access to your user account password. However, that person can use all the apps installed on your Windows 8.x device, access your files, data, and so on. How to Create a PIN in Windows 8.x If you log in to a Windows 8.x device with a user account that has a non-blank password, then you can create a 4-digit PIN for it, to use it as a complementary login method. In order to create one, you need to go to “PC Settings”. If you don’t know how, then press Windows + C on your keyboard or flick from the right edge of the screen, on a touch-enabled device, then press “Settings”. The Settings charm is now open. Click or tap the link that says “Change PC settings”, on the bottom of the charm. In PC settings, go to Accounts and then to “Sign-in options”. Here you will find all the necessary options for changing your existing password, creating a PIN, or a picture password. To create a PIN, press the “Add” button in the PIN section. The “Create a PIN” wizard is started and you are asked to enter the password of your user account. Type it and press “OK”. Now you are asked to enter a 4-digit pin in the “Enter PIN” and “Confirm PIN” fields. The PIN has been created and you can now use it to log in to Windows. How to Create a Picture Password in Windows 8.x If you log in to a Windows 8.x device with a user account that has a non-blank password, then you can also create a picture password and use it as a complementary login method. In order to create one, you need to go to “PC settings”. In PC Settings, go to Accounts and then to “Sign-in options”. Here you will find all the necessary options for changing your existing password, creating a PIN, or a picture password. To create a picture password, press the “Add” button in the “Picture password” section. The “Create a picture password” wizard is started and you are asked to enter the password of your user account. You are shown a guide on how the picture password works. Take a few seconds to watch it and learn the gestures that can be used for your picture password. You will learn that you can create a combination of circles, straight lines, and taps. When ready, press “Choose picture”. Browse your Windows 8.x device and select the picture you want to use for your password and press “Open”. Now you can drag the picture to position it the way you want. When you like how the picture is positioned, press “Use this picture” on the left. If you are not happy with the picture, press “Choose new picture” and select a new one, as shown during the previous step. After you have confirmed that you want to use this picture, you are asked to set up your gestures for the picture password. Draw three gestures on the picture, any combination you wish. Please remember that you can use only three gestures: circles, straight lines, and taps. Once you have drawn those three gestures, you are asked to confirm. Draw the same gestures one more time. If everything goes well, you are informed that you have created your picture password and that you can use it the next time you sign in to Windows. If you don’t confirm the gestures correctly, you will be asked to try again, until you draw the same gestures twice. To close the picture password wizard, press “Finish”. Where Does Windows Store Your Passwords? Are They Safe? All the passwords that you enter in Windows and save for future use are stored in the Credential Manager. This tool is a vault with the usernames and passwords that you use to log on to your computer, to other computers on the network, to apps from the Windows Store, or to websites using Internet Explorer. By storing these credentials, Windows can automatically log you the next time you access the same app, network share, or website. Everything that is stored in the Credential Manager is encrypted for your protection.

    Read the article

  • SQL SERVER – Reset SA Password – SQL in Sixty Seconds #066

    - by Pinal Dave
    It has been quite a long time since I posted SQL in Sixty Seconds Video. Here we are back with the new video. One of the most popular question, I often receive is very similar to following: “How do I reset the password for SA username?” “I have forgotten the SA password, what should I do?” “Our DBA just left the job and now noone knows how to reset the SA password. Please help.” Solution Honestly, it is pretty simple to reset the password for SA username. You just have to login to the system where your SQL Server is installed. Open SQL Server Management Studio and login with the help of Windows Authentication. As local system is the admin of the SQL Server, you will get access with administration privileges. Now, open the database, expand Security >> Login folder and right click over SA username. Now, it will bring up the screen where you can change the password for SA. SQL in Sixty Seconds Video I have attempted to explain the same subject in simple words over in following video. Action Item Here are the blog posts I have previously written on the subject of SA password. You can read it over here:  SQL SERVER – Forgot the Password of Username SA Change Password of SA Login Using Management Studio You can subscribe to my YouTube Channel for frequent updates. Reference: Pinal Dave (http://blog.sqlauthority.com)Filed under: Joes 2 Pros, PostADay, SQL, SQL Authority, SQL Query, SQL Server, SQL Tips and Tricks, SQLAuthority Book Review, SQLAuthority News, T SQL, Video

    Read the article

  • Save password in WCF adapter binding file

    - by Edmund Zhao
    Binding file for WCF Adapter doesn't save the password no matter it is generated by "Add Generated Items..." wizard in Visual Studio or "Export Bindings..." in administration console. It is by design dut to the consideration of security, but it is very annoying especially when you import bindings which contain multiple WCF send ports. The way to aviod retyping password everytime after an import is to edit the binding file before import. Here is what needs to be done. 1. Find the following string:     &lt;Password vt="1" /&gt; "&lt;" means "<", "&gt;" means ">", "vt" means "Variable Type", variable type 1 is "NULL", so the above string can be translated to "<Password/>" 2. Replace it with:     &lt;Password vt="8"&gt;MyPassword&lt;/Password&gt;    variable type 8 is "string", the above string can be transalted to "<Password>MyPassword</Password>"   Binding file uses a lot of character entity references for XML character encoding purpose. For a list of the special charactor entiy references, you can check from here. ...Edmund Zhao

    Read the article

  • Password correct? then redirect [migrated]

    - by RevCity
    So I have this code and I need it to only redirect when the correct password is added. Only problem is that I dont know what to add that will make it only redirect if the password is "hello" I understand that using "view-source" would reveal the password, I don't mind that, its the way I want it. I basically just need to know what to add and where to add it. Sooo: Redirects if "hello" is typed into password field. Does nothing if anything else is put into the password field. <div class="wrapper"> <form class="form1" action="http://google.com"> <div class="formtitle">Enter the password to proceed</div> <div class="input nobottomborder"> <div class="inputtext">Password: </div> <div class="inputcontent"> <input type="password" /> <br/> </div> </div> <div class="buttons"> <input class="orangebutton" type="submit" value="Login" /> </div> </div> I hope this was clear and could be understood.

    Read the article

  • PHP driven site needs password change.

    - by Drea
    I have inherited a website that needs the password changed that accesses the database. I can see that there are two tables within the database but neither of them have username or password info. The previous web guy moved out of the country and can't be reached. I am not up-to-speed enough to figure this out. I have gone through all the files to try and find the answer but can't get it. It's hosted by goDaddy.com and I have changed the passwords there but it didn't change this login info. www.executivehomerents.com/cpanel <-this brings up the prompt for the username & password which I won't give out but the page only gives you 5 choices and none of them deal with changing the password. They are simply to change the data in the tables. If you go to: http://www.websitedatabases.com/ <=this is the company that the PHPMagic program was purchased from-- They have no contact number. Here is another page that might help: http://www.executivehomerents.com/cpanel/dbinput/setup.php I don't think I'll get an answer to this but it's worth a try... thanks.

    Read the article

  • Secure method of changing a user's password via Python script/non-interactively

    - by Matthew Rankin
    I've created a Python script using Fabric to configure a freshly built Slicehost Ubuntu slice. In case you're not familiar with Fabric, it uses Paramiko, a Python SSH2 client, to provide remote access "for application deployment or systems administration tasks." One of the first things I have the Fabric script do is to create a new admin user and set their password. Unlike Pexpect, Fabric cannot handle interactive commands on the remote system, so I need to set the user's password non-interactively. At present, I'm using the chpasswd command to change the password. This transmits the password as clear text over SSH to the remote system. Questions Is my current method of setting the password a security concern? Currently, the drawback I see is that Fabric shows the password as clear text on my local system as follows: [xxx.xx.xx.xxx] run: echo "johnsmith:supersecretpassw0rd" | chpasswd. Since I only run the Fabric script from my laptop, I don't think this is a security issue, but I'm interested in others' input. Is there a better method for setting the user's password non-interactively? Another option, would be to use Pexpect from within the Fabric script to set the password. Current Code # Fabric imports and host configuration excluded for brevity root_password = getpass.getpass("Root's password given by SliceManager: ") admin_username = prompt("Enter a username for the admin user to create: ") admin_password = getpass.getpass("Enter a password for the admin user: ") env.user = 'root' env.password = root_password # Create the admin group and add it to the sudoers file admin_group = 'admin' run('addgroup {group}'.format(group=admin_group)) run('echo "%{group} ALL=(ALL) ALL" >> /etc/sudoers'.format( group=admin_group) ) # Create the new admin user (default group=username); add to admin group run('adduser {username} --disabled-password --gecos ""'.format( username=admin_username) ) run('adduser {username} {group}'.format( username=admin_username, group=admin_group) ) # Set the password for the new admin user run('echo "{username}:{password}" | chpasswd'.format( username=admin_username, password=admin_password) ) Local System Terminal I/O $ fab config_rebuilt_slice Root's password given by SliceManager: Enter a username for the admin user to create: johnsmith Enter a password for the admin user: [xxx.xx.xx.xxx] run: addgroup admin [xxx.xx.xx.xxx] out: Adding group `admin' (GID 1000) ... [xxx.xx.xx.xxx] out: Done. [xxx.xx.xx.xxx] run: echo "%admin ALL=(ALL) ALL" >> /etc/sudoers [xxx.xx.xx.xxx] run: adduser johnsmith --disabled-password --gecos "" [xxx.xx.xx.xxx] out: Adding user `johnsmith' ... [xxx.xx.xx.xxx] out: Adding new group `johnsmith' (1001) ... [xxx.xx.xx.xxx] out: Adding new user `johnsmith' (1000) with group `johnsmith' ... [xxx.xx.xx.xxx] out: Creating home directory `/home/johnsmith' ... [xxx.xx.xx.xxx] out: Copying files from `/etc/skel' ... [xxx.xx.xx.xxx] run: adduser johnsmith admin [xxx.xx.xx.xxx] out: Adding user `johnsmith' to group `admin' ... [xxx.xx.xx.xxx] out: Adding user johnsmith to group admin [xxx.xx.xx.xxx] out: Done. [xxx.xx.xx.xxx] run: echo "johnsmith:supersecretpassw0rd" | chpasswd [xxx.xx.xx.xxx] run: passwd --lock root [xxx.xx.xx.xxx] out: passwd: password expiry information changed. Done. Disconnecting from [email protected]... done.

    Read the article

  • Monitor SQL Server Agent Jobs with Policy Based Management

    I need to monitor all the SQL Agents to find out if a job failed in the last 24 hours. Could this be done with policy based management? If so, can you show me how to create the policy? Join SQL Backup’s 35,000+ customers to compress and strengthen your backups "SQL Backup will be a REAL boost to any DBA lucky enough to use it." Jonathan Allen. Download a free trial now.

    Read the article

  • Windows Web Server 2008 R2 Server Core local password complexity

    - by Dennis Allen
    How can I disable the local user account password complexity settings on Windows 2008 R2 "Server Core"? I am trying to migrate our windows 2003 web server to windows 2008 R2. I am trying to see if I can use the "Server Core" install, and it has been a very internet search intensive experience. What I can't find out how to do is to find out how to disable password complexity for local user accounts. While our user account generator currently creates nice strong passwords, there was a time when this was not the case and unfortunately forcing the users to change their password is not an option at this time. Any help greatly appreciated. Dennis

    Read the article

  • Changing postgres user password in a master-slave setup

    - by NRS
    We have PITR setup and WAL shipping enabled. We would like to change the password for the user postgres. The process is simple enough. However, since we cannot connect to the SLAVE how would we make sure all passwords are in synch? Would temporarily disabling WAL shipping allow me to connect to the slave to change the password there? I cant seem to find documentation on a clean way to implement this password change and I don't have a test environment.

    Read the article

  • Prevent password leakage while using sql* loader

    - by Jai
    I have shell script calling Sql*loader utility which inturn uses username/password as arguments. This details cannot be stored on server in any form due to security related policies. i got 2 approaches to handle this situation, 1. create hidden parameter file with login details and limit the access to owner. again the implication is i cannot store login data in any format on server 2. Create the user as OS authenticated and straight away login into sql without any userid/password I am not able to figure out risks involved in 2nd approach which u experienced folks could have come across. let me know if there is any other approach to handle password leakage issue

    Read the article

  • Retrieving text from password field [python][pyqt4]

    - by Dr. Johnson
    def welcomeStage (self): self.test = QtGui.QLineEdit (self) self.test.move (50, 150) QtCore.QObject.connect (self.test, QtCore.SIGNAL ('returnPressed()'), self.passwordStage) def passwordStage (self): self.email = self.test.text() self.test.clear() self.test.setEchoMode (QtGui.QLineEdit.Password) QtCore.QObject.connect (self.test, QtCore.SIGNAL ('returnPressed()'), self.loginStage) def loginStage (self): self.pwd = self.test.text() print self.pwd if len (self.pwd) < 0: welcomeStage () return Simply put, I am making a login form. The user enters their email, then the text field is cleared and echo mode is set to Password mode. The text() function returns the email fine, but when I call text() after I have changed the echo mode, it returns 0. I've been pouring over the documentation looking for anything regarding the text() function and how it operates when Password mode is on, however I have not found anything. Does anybody know how this is done?

    Read the article

  • GnuPG Shell Script - Refuses to read password

    - by OopsForgotMyOtherUserName
    The script below used to work on Mac OS X, but, since moving it to Ubuntu, it doesn't seem to read from the password file at all. Even when I run it from the command line, no matter what I do, I get a popup prompt asking me for the password. As this will run via cron, I don't want this to happen... I want it to read the password from the file with no prompt. To note, I did try using passphrase-fd and passphrase-file, neither of which worked... #!/bin/sh p=$(<pass.txt) set -- $p pass_phrase=$1 destination="/var/www/decrypted" cd /var/sl_bin/ for FILE in *.pgp; do FILENAME=${FILE%.pgp} gpg --passphrase "$pass_phrase" --output "$destination/$FILENAME" --decrypt "$FILE" rm -f $FILE done

    Read the article

  • MySQL Password Not Working

    - by 01010011
    Hi, When I enter my password into MySQL Command Line Client, it rejects my password, gives 1 beep and closes the window. Can anyone provide me with a basic troubleshooting list of steps (from simple to progressively more technical) to regain entry into MySQL once and for all. Also, can anyone tell me what can cause my password to suddenly be rejected? I am also running XAMPP and the MySQL service is both installed and running. Thanks in advance. I remember when I first got this problem some months ago, if I recall correctly, I solved it by starting the MySQL service from Windows XP's Administrative Tool (something I did stopped the MySQL service and to this day I don't know what it was). Now the problem has started back again but this time, when I checked Services, the MySQL service was already 'started'. Any assistance will be appreciated. Thanks

    Read the article

  • Password protect web pages on Windows CE 6

    - by Chris
    I am using the default web server for WinCE 6 and wish to password protect certain folders. The default VROOT /remoteadmin/ is password protected, and this works but my configuration doesn't work. I have tried mimicking these settings on my own folders but to little success. Here is how one looks: In the HKLM\Comm\HTTPD\VROOTS key I have created a subkey called /web/configuration (this folder actually exists on the box). The following values are in this key A = 1 DefaultPage = config.html Path = /hard disk/webroot/web/configuration/ UserList = ADMIN This is nigh on identical to the settings in /RemoteAdmin/ but /RemoteAdmin/ requests a password and /web/configuration doesn't (even after reboot).

    Read the article

  • How do I prevent or override a group policy on Windows 7?

    - by Kevin
    A few months ago my company was purchased by a large corporation. We recently switched our network over to the large corporate network which has more restrictions requirements. One of these is the requirement to use a proxy server for Internet traffic. However, some of our internal servers are not recognized by the corporate DNS, so we need to provide the fully qualified domain name. For W7, we make changes to the Internet Properties for IE8 and Chrome to include our domain name as an exception to the proxy server (e.g., *.foobar.com). The problem is that a group policy that does not include our domain name is continually pushed out to my systems throughout the day. This requires me to make the appropriate changes to the Internet Properties several times a day in order to access our internal servers. Is there a way that I can prevent the group policy from being pushed to my systems or detect when the group policy is pushed and override it? I am an administrator on all of my systems. I do have Firefox installed which is not subject to the same group policy push, but I need to have IE8 and Chrome working.

    Read the article

  • How do I prevent or override a group policy on Windows 7?

    - by Kevin
    A few months ago my company was purchased by a large corporation. We recently switched our network over to the large corporate network which has more restrictions requirements. One of these is the requirement to use a proxy server for Internet traffic. However, some of our internal servers are not recognized by the corporate DNS, so we need to provide the fully qualified domain name. For W7, we make changes to the Internet Properties for IE8 and Chrome to include our domain name as an exception to the proxy server (e.g., *.foobar.com). The problem is that a group policy that does not include our domain name is continually pushed out to my systems throughout the day. This requires me to make the appropriate changes to the Internet Properties several times a day in order to access our internal servers. Is there a way that I can prevent the group policy from being pushed to my systems or detect when the group policy is pushed and override it? I am an administrator on all of my systems. I do have Firefox installed which is not subject to the same group policy push, but I need to have IE8 and Chrome working.

    Read the article

  • I deployed Flash Player via a Software Installation policy. How to upgrade?

    - by eleven81
    I have a Windows Server 2008 machine as my DC. Earlier this year I created a Software Installation GPO to deploy Adobe Flash Player plugin MSI. I assigned the policy to the computers, about half run Windows XP x86 and the other half Windows 7 x64. That all works like clockwork. When I created the Software Installation Policy, I disabled the Flash Player plugin's automatic update feature by editing the MSI in Orca. I did this because I wanted all of my machines to run the exact same version of the plugin. Now, some time has passed and a newer version of the Flash Player plugin has been released. It is time for me to push out the updated version of the plugin. I already have the new MSI, but I am lost on what to do next. I see the upgrades tab in the Software Installation GPO, but everything there reads like that would be used for add-ons to a larger master program and not for updates that are released over time. I have read that it is best to create a new Software Installation policy with the new MSI, revoke the old GPO, and assign the new GPO. I feel as though, over time, I will wind up with more revoked policies than active ones. I have also read that some people have had success by replacing the old MSI with the new MSI and simply telling the GPO to redeploy. This seems like a backdoor method that will only get me in to trouble. In short, what is the correct, best-practice, or preferred way to roll out the new version via Group Policy?

    Read the article

  • How to Access Your Router If You Forget the Password

    - by Chris Hoffman
    Routers protect their web interfaces, where you can configure their networking, parental control, and port forwarding settings, with a username and password. These default passwords can be changed to protect the router’s settings. If you’ve forgotten a router’s password – or if you acquired a used router and don’t know its password – there’s a way to reset the password. You may also be able to forward ports without knowing the password. Image Credit: tnarik on Flickr How to Access Your Router If You Forget the Password Secure Yourself by Using Two-Step Verification on These 16 Web Services How to Fix a Stuck Pixel on an LCD Monitor

    Read the article

  • The Unintended Consequences of Sound Security Policy

    - by Tanu Sood
    v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Calibri","sans-serif"; mso-bidi-font-family:"Times New Roman";} Author: Kevin Moulton, CISSP, CISM Meet the Author: Kevin Moulton, Senior Sales Consulting Manager, Oracle Kevin Moulton, CISSP, CISM, has been in the security space for more than 25 years, and with Oracle for 7 years. He manages the East Enterprise Security Sales Consulting Team. He is also a Distinguished Toastmaster. Follow Kevin on Twitter at twitter.com/kevin_moulton, where he sometimes tweets about security, but might also tweet about running, beer, food, baseball, football, good books, or whatever else grabs his attention. Kevin will be a regular contributor to this blog so stay tuned for more posts from him. When I speak to a room of IT administrators, I like to begin by asking them if they have implemented a complex password policy. Generally, they all nod their heads enthusiastically. I ask them if that password policy requires long passwords. More nodding. I ask if that policy requires upper and lower case letters – faster nodding – numbers – even faster – special characters – enthusiastic nodding all around! I then ask them if their policy also includes a requirement for users to regularly change their passwords. Now we have smiles with the nodding! I ask them if the users have different IDs and passwords on the many systems that they have access to. Of course! I then ask them if, when they walk around the building, they see something like this: Thanks to Jake Ludington for the nice example. Can these administrators be faulted for their policies? Probably not but, in the end, end-users will find a way to get their job done efficiently. Post-It Notes to the rescue! I was visiting a business in New York City one day which was a perfect example of this problem. First I walked up to the security desk and told them where I was headed. They asked me if they should call upstairs to have someone escort me. Is that my call? Is that policy? I said that I knew where I was going, so they let me go. Having the conference room number handy, I wandered around the place in a search of my destination. As I walked around, unescorted, I noticed the post-it note problem in abundance. Had I been so inclined, I could have logged in on almost any machine and into any number of systems. When I reached my intended conference room, I mentioned my post-it note observation to the two gentlemen with whom I was meeting. One of them said, “You mean like this,” and he produced a post it note full of login IDs and passwords from his breast pocket! I gave him kudos for not hanging the list on his monitor. We then talked for the rest of the meeting about the difficulties faced by the employees due to the security policies. These policies, although well-intended, made life very difficult for the end-users. Most users had access to 8 to 12 systems, and the passwords for each expired at a different times. The post-it note solution was understandable. Who could remember even half of them? What could this customer have done differently? I am a fan of using a provisioning system, such as Oracle Identity Manager, to manage all of the target systems. With OIM, and email could be automatically sent to all users when it was time to change their password. The end-users would follow a link to change their password on a web page, and then OIM would propagate that password out to all of the systems that the user had access to, even if the login IDs were different. Another option would be an Enterprise Single-Sign On Solution. With Oracle eSSO, all of a user’s credentials would be stored in a central, encrypted credential store. The end-user would only have to login to their machine each morning and then, as they moved to each new system, Oracle eSSO would supply the credentials. Good-bye post-it notes! 3M may be disappointed, but your end users will thank you. I hear people say that this post-it note problem is not a big deal, because the only people who would see the passwords are fellow employees. Do you really know who is walking around your building? What are the password policies in your business? How do the end-users respond?

    Read the article

  • SQL Server 2000, yes 2000 password hash

    - by Justin808
    I need to store a password has in a SQL server 2000 database. The information isn't critical but I really don't want to store the password in clear text. How can I get a unique hash (sha, sha1, md5, etc) in SQL server 2000 as HashBytes isn't available. I'm not looking for compiled DLL or the ilk, I dont have access to the server, needs to be pure MS SQL.

    Read the article

  • Weird .htaccess password request that I didn't make...

    - by Dixon Crews
    Okay. So I went on a trip, came back, and suddenly, a website that I was working on is now asking for a username and password á la .htaccess. Thing is, I never made this happen and there is no .htaccess file anywhere to be found. Here is the site: link I didn't buy the template from omegathemes.com, whatever that is. And when you go there, it asks for the same kind of user and password. Any help?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >