Search Results

Search found 4220 results on 169 pages for 'generating passwords'.

Page 39/169 | < Previous Page | 35 36 37 38 39 40 41 42 43 44 45 46  | Next Page >

  • NIS: which mechanism hides shadow.byname for unpriviledged users?

    - by Mark Salzer
    On some Linux box (SLES 11.1) which is a NIS client I can do as root: ypcat shadow.byname and get output, i.e. some lines with the encrypted passwords, amongst other information. On the same Linux box, if I run the same command as unpriviledged user, I get No such map shadow.byname. Reason: No such map in server's domain Now I am surprised. My good old knowlege says that shadow passwords in NIS are absurd because there is no access control or authentication in the protocol and thus every (unpriviledged) user can access the shadow map and thereby obtain the encrypted passwords. Obviously we have a different picture here. Unfortunately I don't have access to the NIS server to figure out what is happening. My only guess is that the NIS master gives the map only to clients conection from a priviledged port (1024), but this is only an uneducated guess. What mechanisms are there in current NIS implementations to lead to a behavior like the above? How "secure" are they? Can the be circumvented easily? Or are shadow passwords in NIS as secure as the good old shadow files?

    Read the article

  • ssh keys rejected each day

    - by EddyR
    I've had OpenSSH server running on my debian server for a couple weeks and all of a sudden now when I go to login the next day it rejects my ssh key and I have to manually add a new one each time. Not only that but I have the "tunneling with clear-text passwords" option enabled and the non-root (login with root is disabled) account for that is rejected too. I'm at a loss why this is happening and I can't find any ssh options that would explain it. --update-- I just changed debug level to DEBUG. But before that I'm seeing a lot of the following in auth.log Feb 1 04:23:01 greenpages CRON[7213]: pam_unix(cron:session): session opened for user root by (uid=0) Feb 1 04:23:01 greenpages CRON[7213]: pam_unix(cron:session): session closed for user root ... Feb 1 04:36:26 greenpages sshd[7217]: reverse mapping checking getaddrinfo for nat-pool-xx-xx-xx-xx.myinternet.net [xx.xx.xx.xx] failed - POSSIBLE BREAK-IN ATTEMPT! ... Feb 1 04:37:31 greenpages sshd[7223]: Did not receive identification string from xx.xx.xx.xx ... My sshd_conf file settings are: # Package generated configuration file # See the sshd(8) manpage for details # What ports, IPs and protocols we listen for Port xxx # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel DEBUG # Authentication: LoginGraceTime 120 PermitRootLogin no StrictModes yes RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords PasswordAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes X11Forwarding no X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net # Allow client to pass locale environment variables AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server UsePAM no ClientAliveInterval 60 AllowUsers myuser

    Read the article

  • How can I make the Firefox Password Manager more intelligent?

    - by Philip
    I have two major gripes about the FF password manager: If I restore a session with multiple tabs with sites with saved passwords, the master password prompt pops up once for each of them, even if I correctly enter the password the first time. Sometimes I want Firefox not to use my saved passwords at all (e.g. because I want to let someone else use it without getting access to my accounts), but hitting cancel results in erratic behavior--sometimes the box just pops up again and again, or sometimes it stops and behaves as I wish (continuing to browse w/o my passwords) until it encounters another site that wants my password. Thus even when hitting cancel does leave me free to browse passwordless, it doesn't get Firefox to leave me alone for the whole session. Thus: do you know of any tweak or add-on that could (1) make Firefox smart enough to get my master password once and then leave me alone, and/or (2) add an option (checkbox-style, toggle button, etc.) to browse "for now" (until I toggle the option) or even "for this session" (until I restart) without using any of my saved passwords? I'm running Firefox 3.5.6 on Mac OS X 10.5; thanks.

    Read the article

  • ISACA Webcast follow up: Managing High Risk Access and Compliance with a Platform Approach to Privileged Account Management

    - by Darin Pendergraft
    Last week we presented how Oracle Privileged Account Manager (OPAM) could be used to manage high risk, privileged accounts.  If you missed the webcast, here is a link to the replay: ISACA replay archive (NOTE: you will need to use Internet Explorer to view the archive) For those of you that did join us on the call, you will know that I only had a little bit of time for Q&A, and was only able to answer a few of the questions that came in.  So I wanted to devote this blog to answering the outstanding questions.  Here they are. 1. Can OPAM track admin or DBA activity details during a password check-out session? Oracle Audit Vault is monitoring these activities which can be correlated to check-out events. 2. How would OPAM handle simultaneous requests? OPAM can be configured to allow for shared passwords.  By default sharing is turned off. 3. How long are the passwords valid?  Are the admins required to manually check them in? Password expiration can be configured and set in the password policy according to your corporate standards.  You can specify if you want forced check-in or not. 4. Can 2-factor authentication be used with OPAM? Yes - 2-factor integration with OPAM is provided by integration with Oracle Access Manager, and Oracle Adaptive Access Manager. 5. How do you control access to OPAM to ensure that OPAM admins don't override the functionality to access privileged accounts? OPAM provides separation of duties by using Admin Roles to manage access to targets and privileged accounts and to control which operations admins can perform. 6. How and where are the passwords stored in OPAM? OPAM uses Oracle Platform Security Services (OPSS) Credential Store Framework (CSF) to securely store passwords.  This is the same system used by Oracle Applications. 7. Does OPAM support hierarchical/level based privileges?  Is the log maintained for independent review/audit? Yes. OPAM uses the Fusion Middleware (FMW) Audit Framework to store all OPAM related events in a dedicated audit database.  8. Does OPAM support emergency access in the case where approvers are not available until later? Yes.  OPAM can be configured to release a password under a "break-glass" emergency scenario. 9. Does OPAM work with AIX? Yes supported UNIX version are listed in the "certified component section" of the UNIX connector guide at:http://docs.oracle.com/cd/E22999_01/doc.111/e17694/intro.htm#autoId0 10. Does OPAM integrate with Sun Identity Manager? Yes.  OPAM can be integrated with SIM using the REST  APIs.  OPAM has direct integration with Oracle Identity Manager 11gR2. 11. Is OPAM available today and what does it cost? Yes.  OPAM is available now.  Ask your Oracle Account Manager for pricing. 12. Can OPAM be used in SAP environments? Yes, supported SAP version are listed in the "certified component section" of the SAP  connector guide here: http://docs.oracle.com/cd/E22999_01/doc.111/e25327/intro.htm#autoId0 13. How would this product integrate, if at all, with access to a particular field in the DB that need additional security such as SSN's? OPAM can work with DB Vault and DB Firewall to provide the fine grained access control for databases. 14. Is VM supported? As a deployment platform Oracle VM is supported. For further details about supported Virtualization Technologies see Oracle Fusion Middleware Supported System configurations here: http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html 15. Where did this (OPAM) technology come from? OPAM was built by Oracle Engineering. 16. Are all Linux flavors supported?  How about BSD? BSD is not supported. For supported UNIX version see the "certified component section" of the UNIX connector guide http://docs.oracle.com/cd/E22999_01/doc.111/e17694/intro.htm#autoId0 17. What happens if users don't check passwords in at the end of a work task? In OPAM a time frame can be defined how long a password can be checked out. The security admin can force a check-in at any given time. 18. is MySQL supported? Yes, supported DB version are listed in the "certified component section" of the DB connector guide here: http://docs.oracle.com/cd/E22999_01/doc.111/e28315/intro.htm#BABGJJHA 19. What happens when OPAM crashes and you need to use the password? OPAM can be configured for high availability, but if required, OPAM data can be backed up/recovered.  See the OPAM admin guide. 20. Is OPAM Standalone product or does it leverage other components from IDM? OPAM can be run stand-alone, but will also leverage other IDM components

    Read the article

  • Tic-Tac-Toe AI: How to Make the Tree?

    - by cam
    I'm having a huge block trying to understand "trees" while making a Tic-Tac-Toe bot. I understand the concept, but I can't figure out to implement them. Can someone show me an example of how a tree should be generated for such a case? Or a good tutorial on generating trees? I guess the hard part is generating partial trees. I know how to implement generating a whole tree, but not parts of it.

    Read the article

  • Facebook Thumbnails Issue Traced to safe_image.php

    - by talkinggoat
    For some reason, facebook's safe_image.php script isn't generating thumbnails, properly. It's generating a 1x1 image... even though the correct image is linked in the script's parameters. Example: <img class="img" alt="" src="https://s-external.ak.fbcdn.net /safe_image.php?d=AQBtrCt_Es_KsED0&w=90&h=90&url=http%3A%2F %2Fwww.southlapatriots.info%2Fimages%2FScamra%2FJayCastilleCouncil2.jpg" The linked image is correct, but it is still only generating a 1x1 image.

    Read the article

  • parser error in webapplication (asp.net)?

    - by Surya sasidhar
    hi, I developed a application using asp.net and uploaded the site in online it is working fine. after few days i am getting parser error like this.......... "" this script is generating in every page in the bottom of the page in source code in the site. it is automatically generating. when i remove it is work fine after few days it is again generating.

    Read the article

  • How can I get Opera speed-dial and password management features in other browsers?

    - by Howard Guo
    I heavily rely on Opera's speed dial and password management features. Lack of these two features is really stopping me from switching to another web browser such as Chrome or Firefox. Opera's password management has two unique characteristics which I rely on heavily: It saves passwords on all pages, (apparently) despite the page's meta data asking not to save passwords. It offers keyboard shortcut and button to automatically fill in username/passwords and all other fields in a login form, then automatically submit the form. (So I'm only one key/click away from logging into a website) How can I get those functions in other browsers? Thank you! Edit: Reason being that I use other web browsers at work and I wish they could have those functions.

    Read the article

  • Postfix relay to multiple servers and multiple users

    - by Frankie
    I currently have postfix configured so that all users get relayed by the local machine with the exception of one user that gets relayed via gmail. To that extent I've added the following configuration: /etc/postfix/main.cf # default options to allow relay via gmail smtp_use_tls=yes smtp_sasl_auth_enable = yes smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt smtp_sasl_security_options = noanonymous # map the relayhosts according to user sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_maps # keep a list of user and passwords smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd /etc/postfix/relayhost_maps user-one@localhost [smtp.gmail.com]:587 /etc/postfix/sasl_passwd [smtp.gmail.com]:587 [email protected]:user-one-pass-at-google I know I can map multiple users to multiple passwords using smtp_sasl_password_maps but that would mean that all relay would be done by gmail where I specifically want all relay to be done by the localhost with the exception of some users. Now I would like to have a user-two@localhost (etc) relay via google with their own respective passwords. Is that possible?

    Read the article

  • Security measures for CentOS

    - by cappuccinodrinker
    I have been tightening up my web server security and wanted to know what else I can do. I am running CentOS 5 with these measures: - All passwords to FTP, MySQL etc are generated from grc.com/passwords.htm and microsoft.com/protect/fraud/passwords/create.aspx (for the ones which cannot be too long). - Running iptables with all ports shut off except for http mail and smtp, the important ports like FTP SSH are blocked to all except my static office IP. There is also no response to pings. - Rootkit Hunter running daily - The server is PCI compliant according to Comodo - Not running any crappy made php apps, we use Zend Framework for our stuff and do have kayako installed and keep them up to date. Can't really think of anything else I can do... I could implement a brute force measure, but I think I already have by simply changing my SSH port to a number above 10000 and blocking it off with iptables.

    Read the article

  • SSL certificates with password encrypted key at hosting provider

    - by Jurian Sluiman
    We are a software company and offer hosting to our clients. We have a VPS at a large Dutch datacenter. For some of the applications, we need an SSL certificate which we'd like to encrypt with a password protected keyfile. Our VPS reboots now and then because of updates whatsoever, but that means our apache doesn't start right away because the passwords are needed. This results in downtime and is of course a real big problem. We can give the passwords to our VPS datacenter, or create certificates based on keyfiles without passwords. Both solutions seem not the best one, because they compromise the security of our certificates. What's the best solution for this issue?

    Read the article

  • How to enable password challenge in Active Directory?

    - by Antonio Laguna
    As IT Support, my team is taking so much time reseting passwords. So, we thought it would be interesting to enable some sort of Password Challenge in Active Directory so users could reset their own passwords, after correctly answering some questions. Despite we alert users by mail when their passwords are going to expire, they just delete the mail and go on so we think it should be a great idea. I've seen some commercial products but I'm not sure if there is something built-in or GPL to enable this kind of feature. Could someone shed some light about it?

    Read the article

  • How to change password schema for Dovecot user authentication for an already existing mail server

    - by deb_lrnr
    Hello, I have an email server setup on Debian Lenny with Postfix, Dovecot, SASL and MySQL. Currently, the password scheme in my dovecot-sql.conf file is set to: CRYPT default_pass_scheme = CRYPT I would like to globally change the scheme to something stronger like SSHA, or MD5-CRYPT and re-hash all passwords with SSHA. What is the best way to do this? The Dovecot wiki mentions how passwords that don't follow the default scheme defined in dovecot-sql.conf can be prefixed with "{ssha}password", but I couldn't see anything regarding changing an already-existing scheme to a new one for all passwords that are already in the database. Thanks for your help!

    Read the article

  • Password History Storage and Variability Comparison

    - by z3ke
    I believe this situation would be similar to many others out there, so maybe some of you can shed some light... Supposedly, when making password changes through MS exchange every 90 days, you cannot use any simple variation of one of your old passwords, up to whatever limit the admin's set for a system. My question: If your previous passwords are only stored as hashes, how can they check for the "just changed one letter" case. Wouldn't they have to have access to the old plain-text passwords in order to make those comparisons? The only other thing I can think of is if upon original creation of a password, they also stored all other one character permutations of it, so that they can be banned later?

    Read the article

  • Password Management for Oracle WebLogic customers

    - by Anthony Shorten
    One of the most common requests for enhancements I get across my desk is that customers wish to allow end users to change their passwords from our products. Now, typically password management is not in the realm of individual applications but it is an infrastructure requirement, so we don't usually add this to our roadmaps by default. The issue is that with the vast range of security stores that can be used with our product line across the Web Application Servers we support, it is almost impossible to come up with a generic enough API to work across them. If you have a specific security store on a specific Web Application Server platform then there are simpler solutions. There are a number of ways of implementing this without providing functionality specific functionality: Oracle sells Identity Management software that offers common API's to manage passwords. You can purchase those products and link to the password change dialog in those products using Navigation Keys. If you are a customer using Oracle WebLogic, then there is a sample JSP's that can be linked to provide this functionality under Oracle TechNet (registration required) under Code Samples (project S20). These can be added as a Navigation Key to complete the functionality. This will allow end users to manage their own passwords. Obviously these are all samples and should be treated as customizations when you implement them. If you wish to understand Navigation Keys, then look at the Oracle Utilities Application Framework Integration Guidelines (Doc Id: 789060.1) available from My Oracle Support.

    Read the article

  • Disable Password Complexity/Expiration etc. Policy on Windows Server 2008

    - by Sahil Malik
    Ad:: SharePoint 2007 Training in .NET 3.5 technologies (more information). One of the things I like to do, for development environments only is to get rid of that excessively bothersome password policies. I like to have my password as something like p@ssword1, so they are easy to remember etc. etc. Obviously never do this in production. However, Windows Server 2008 comes with a password policy that expires my passwords every 90 days, and requires me to pick complex passwords, can’t reuse passwords etc. etc. Well here is how you disable password policy on a Windows Server 2008 machine - Run Group Policy Management (gpmc.msc) Expand to your domain, look for Forest\Domains\yourdomain\default domain policy. Go to the settings tab, right click on the tab, and choose “Edit”. This will open the Group Policy Management Editor, in which - Go to Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy, and change the policy to whatever that suits you. Close everything, and run command prompt as administrator, and issue a “gpupdate /force” command to force the group policy update on the machine. Restart, and you’re done! :) Comment on the article ....

    Read the article

  • Sync KeePassX with KeePass2

    - by bioShark
    Simply put: In Ubuntu I am using KeePassX and in Windows KeePass2. In am not able to export/import passwords from one to another. I would prefer to use the same database, but I don't really know how. If there is no possibility to sync the 2, can you recommend another password vault, which is able to sync passwords from 2 OS, using a shared DB. Thanks I am using Ubuntu 12.04 and Win 7. Edit: I have noticed that KeePass2 is available in the Software Center, so I have installed it, and I can successfully open my Win7 database. Now I will migrate my KeePassX passwords. I am seeing now a huge difference in the looks. While KeePassX doesn't exactly have Ubuntu like look&feel, it's 100 times more elegant than the interface KeePass2 comes with. Well, maybe that was my initial decision for installing KeePassX on my Ubuntu machine. I can't remember. @fossfreedom, please add your comment as a response, so that I can accept it. Thank for the suggestion

    Read the article

  • Precautions during SSH

    - by Shagun
    I recently had to give away my Ubuntu 12.10 root password to one of my friends so that he could SSH into my system and send some files to me. Now he is my friend and I trust him so I was not reluctant in sharing my password. And I did change it afterwards. But it just struck me how can I view all the commands that were executed by some other user remote logging into my system (obviously not my friend. I mean in general).To what extent can they access my data (especially my passwords eg I use Last Pass so can they access my account passwords as well??) And if they open any browser after logging into my system do they have access to all my passwords provided I have saved them using the "remember password" option given by chrome Also what precautions I should take when I am allowing some one to remote login in my system and how can I track the various commands used by them or the changes they made in my system. Also is there some simple way to get notified whenever some one logs into my system apart from checking the /var/log/auth.log file??

    Read the article

  • Two views of Federation: inside out, and outside in

    - by Darin Pendergraft
    IDM customers that I speak to have spent a lot of time thinking about enterprise SSO - asking your employees to log in to multiple systems, each with distinct hard to guess (translation: hard to remember) passwords that fit the corporate security policy for length and complexity is a strategy that is just begging for a lot of help-desk password reset calls. So forward thinking organizations have implemented SSO for as many systems as possible. With the mix of Enterprise Apps moving to the cloud, it makes sense to continue this SSO strategy by Federating with those cloud apps and services.  Organizations maintain control, since employee access to the externally hosted apps is provided via the enterprise account.  If the employee leaves, their access to the cloud app is terminated when their enterprise account is disabled.  The employees don't have to remember another username and password - so life is good. From the outside in - I am excited about the increasing use of Social Sign-on - or BYOI (Bring your own Identity).  The convenience of single-sign on is extended to customers/users/prospects when organizations enable access to business services using a social ID.  The last thing I want when visiting a website or blog is to create another account.  So using my Google or Twitter ID is a very nice quick way to get access without having to go through a registration process that creates another username/password that I have to try to remember. The convenience of not having to maintain multiple passwords is obvious, whether you are an employee or customer - and the security benefit of not having lots of passwords to lose or forget is there as well. Are enterprises allowing employees to use their personal (social) IDs for enterprise apps?  Not yet, but we are moving in the right direction, and we will get there some day.

    Read the article

  • SEO Pros and cons of having your blog in a subdirectory or subdomain

    - by sam
    From an SEO point of view is it better to have your blog running as part of your site (ie. /blog) so that it will be generating more content for the site OR is it better to have it running as a subdomain (ie. blog.) of your main site (correct me if im wrong but google sees subdomains as seperate site ?) so that it would be getting lots of external links from my blog, but then again, it would be generating no extra content for my main site.

    Read the article

  • How to effectively use an overseas SEO team?

    - by Dan Gayle
    My company is currently in contract with a 20+ person team in the Philippines, previously used for comment linking and guest blogging spun content articles. This is a practice that we're stopping, but we don't want to sever our team because they work hard, they're really cheap, and they produce excellent accounting and reporting of their actions. What are ways that we can best put them to use as a link generating or content generating resource? Their English is fair, but not of high enough quality to use them for any direct content creation. Thanks

    Read the article

  • Couldn't generate PGP key: General Error

    - by Nicky Bailuc
    I want to get involved with Ubuntu and I've decided to join the Bug Squad. Launchpad tells me that I have to some OpenPGP Fingerprint key, and I followed instructions from this link: https://launchpad.net/+help-registry/openpgp-keys.html#publish All goes fine, I enter all the necessary information, and it starts generating the key. After about 20 seconds of generating the key, it gives an error saying "Couldn't generate PGP key: General Error." What does this mean? How can I fix this?

    Read the article

  • Increase Search Engine Ranking in 3 Simple Steps

    SEO is not difficult. All that is required is a basic understanding of the what goes into SEO. Generating backlinks and getting ranked well in search engines is one part of SEO and if you do that right, 95% of your work is done. Read on to know a simple way of generating high quality backlinks from authoritative websites.

    Read the article

  • Don&rsquo;t Kill the Password

    - by Anthony Trudeau
    A week ago Mr. Honan from Wired.com penned an article on security he titled “Kill the Password: Why a String of Characters Can’t Protect Us Anymore.” He asserts that the password is not effective and a new solution is needed. Unfortunately, Mr. Honan was a victim of hacking. As a result he has a victim’s vendetta. His conclusion is ill conceived even though there are smatterings of truth and good advice. The password is a security barrier much like a lock on your door. In of itself it’s not guaranteeing protection. You can have a good password akin to a steel reinforced door with the best lock money can buy, or you can have a poor password like “password” which is like a sliding lock like on a bathroom stall. But, just like in the real world a lock isn’t always enough. You can have a lock, security system, video cameras, guard dogs, and even armed security guards; but none of that guarantees your protection. Even top secret government agencies can be breached by someone who is just that good (as dramatized in movies like Mission Impossible). And that’s the crux of it. There are real hackers out there that are that good. Killer coding ninja monkeys do exist! We still have locks on our doors, because they still serve their role. Passwords are no different. Security doesn’t end with the password. Most people would agree that stuffing your mattress with your life savings isn’t a good idea even if you have the best locks and security system. Most people agree its safest to have the money in a bank. Essentially this is compartmentalization. Compartmentalization extends to the online world as well. You’re at risk if your online banking accounts are linked to the same account as your social networks. This is especially true if you’re lackadaisical about linking those social networks to outside sources including apps. The object here is to minimize the damage that can be done. An attacker should not be able to get into your bank account, because they breached your Twitter account. It’s time to prioritize once you’ve compartmentalized. This simply means deciding how much security you want for the different compartments which I’ll call security zones. Social networking applications like Facebook provide a lot of security features. However, security features are almost always a compromise with privacy and convenience. It’s similar to an engineering adage, but in this case it’s security, convenience, and privacy – pick two. For example, you might use a safe instead of bank to store your money, because the convenience of having your money closer or the privacy of not having the bank records is more important than the added security. The following are lists of security do’s and don’ts (these aren’t meant to be exhaustive and each could be an article in of themselves): Security Do’s: Use strong passwords based on a phrase Use encryption whenever you can (e.g. HTTPS in Facebook) Use a firewall (and learn to use it properly) Configure security on your router (including port blocking) Keep your operating system patched Make routine backups of important files Realize that if you’re not paying for it, you’re the product Security Don’ts Link accounts if at all possible Reuse passwords across your security zones Use real answers for security questions (e.g. mother’s maiden name) Trust anything you download Ignore message boxes shown by your system or browser Forget to test your backups Share your primary email indiscriminately Only you can decide your comfort level between convenience, privacy, and security. Attackers are going to find exploits in software. Software is complex and depends on other software. The exploits are the responsibility of the software company. But your security is always your responsibility. Complete security is an illusion. But, there is plenty you can do to minimize the risk online just like you do in the physical world. Be safe and enjoy what the Internet has to offer. I expect passwords to be necessary just as long as locks.

    Read the article

< Previous Page | 35 36 37 38 39 40 41 42 43 44 45 46  | Next Page >