Least Privileged

Apparently I don't need to know!

What Makes a Password Stronger

Posted by -Durk- on June 25, 2011

http://finance.yahoo.com/family-home/article/113007/strong-online-passwords-wsj

by Stu Woo
Friday, June 24, 2011

provided by The Wall Street Journal

With concern about hackers, tools for remembering so many codes; no more pet names or 123456.

For all its benefits, the Internet can be a hassle when it comes to remembering passwords for email, banking, social networking and shopping.

Many people use just a single password across the Web. That’s a bad idea, say online-security experts.

“Having the same password for everything is like having the same key for your house, your car, your gym locker, your office,” says Michael Barrett, chief information-security officer for online-payments service PayPal, a unit of eBay Inc.

Mr. Barrett has different passwords for his email and Facebook accounts — and that’s just for starters. He has a third password for financial websites he uses, such as for banks and credit cards, and a fourth for major shopping sites such as Amazon.com (Nasdaq: AMZN). He created a fifth password for websites he visits infrequently or doesn’t trust, such as blogs and an online store that sells gardening tools.

A spate of recent attacks underscores how hackers are spending more time trying to crack into big databases to obtain passwords, security officials say. In April, for instance, hackers obtained passwords and other information of 77 million users in Sony Corp.’s (NYSE: SNE) PlayStation Network, while Google Inc. (Nasdaq: GOOG) said this month that hackers broke into its email system and gained passwords of U.S. government officials.

So-called brute force attacks, by which hackers try to guess individual passwords, also appear to be on the rise, Mr. Barrett says.

PayPal says two out of three people use just one or two passwords across all sites, with Web users averaging 25 online accounts. A 2009 survey in the U.K. by security-software company PC Tools found men to be particularly bad offenders, with 47% using just one password, compared with 26% of women.

Another PC Tools survey last year showed that 28% of young Australians from 18 to 38 years old had passwords that were easily guessed, such as a name of a loved one or pet, which criminals can easily find on Facebook or other public sites. Other passwords can be easily guessed, too. Hackers last year posted a list of the most popular passwords of Gawker Media users, including “password,” “123456,” “qwerty,” “letmein” and “baseball.”

“If your password is on that list, please change it,” says Brandon Sterne, security manager at Mozilla Corp., which makes the Firefox browser and other software. Hackers “will take the first 100 passwords on the list and go through the entire user base” of a website to crack a few accounts, he says.

People typically start changing online passwords after they’ve been hacked, says Dave Cole, general manager of PC Tools. However, “after a relatively short time, all but the most paranoid users regress to previous behaviors prior to the security breach,” he says. He and other security experts recommend people change or rotate passwords a few times a year.

To come up with a strong password, some security officials recommend taking a memorable phrase and using the first letter of each word. For example, “to be or not to be, that is the question,” becomes “tbontbtitq.” Others mash an unlikely pair of words together. The longer the password — at least eight characters, experts say — the safer it is.

Once people figure out a phrase for their password, they can make it more complex by replacing letters with special characters or numbers. They can also capitalize, say, the second character of every password for added security. Hence “tbontbtitq” becomes “tB0ntbtitq.”

No matter how good a password is, it is unsafe to use just one. Mr. Barrett recommends following his lead and having strong ones for four different kinds of sites — email, social networks, financial institutions and e-commerce sites — and a fifth for infrequently visited or untrustworthy sites.

Even the strongest passwords, however, are useless if criminals install so-called malware on computers that allow them to track a person’s keystrokes. Security experts say people can avoid this by keeping their antivirus and antispyware software updated and by avoiding downloading files from unknown websites and email senders.

Some security experts recommend slightly modifying passwords within each category of site. Companies such as Microsoft Corp. (Nasdaq: MSFT) offer free password-strength checkers, but users shouldn’t rely on them wholly because such strength tests don’t gauge whether a password contains easily found personal information, such as a birthday or a pet’s name.
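An added example, not part of the article and not any vendor's checker, of the gap described above: a check that combines the article's eight-character minimum and the five leaked Gawker passwords it names with a search for the user's own personal details, after undoing letter-for-symbol swaps. The function names, the swap map and the sample profile are assumptions made for illustration.

```python
import re

# The five passwords the article quotes from the leaked Gawker Media list.
# A real deployment would load a much longer list; this one is only what the page names.
COMMON = {"password", "123456", "qwerty", "letmein", "baseball"}

MIN_LENGTH = 8  # "at least eight characters, experts say"

# Small, non-exhaustive map that undoes the letter-for-symbol swaps the
# article describes (e.g. "o" -> "0"), so a swap cannot hide a known word.
UNSWAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def personal_tokens(facts):
    """Break personal facts (names, dates) into substrings worth searching for."""
    tokens = []
    for fact in facts:
        lowered = fact.lower()
        tokens += [run for run in re.findall(r"[a-z0-9]+", lowered) if len(run) >= 3]
        digits = re.sub(r"\D", "", lowered)
        if len(digits) >= 4:
            tokens.append(digits)  # "1984-03-12" also matches as "19840312"
    return list(dict.fromkeys(tokens))  # de-duplicate, keep order


def assess(password, facts=()):
    """Return a list of findings; an empty list means no check failed."""
    raw = password.lower()
    unswapped = raw.translate(UNSWAP)
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    if raw in COMMON or unswapped in COMMON:
        findings.append("common")
    for token in personal_tokens(facts):
        # Digit tokens are compared against the raw form, because unswapping
        # would turn the digits of a birthday into letters.
        haystacks = (raw, unswapped) if token.isalpha() else (raw,)
        if any(token in h for h in haystacks):
            findings.append("personal:" + token)
    return findings


if __name__ == "__main__":
    facts = ["Jordan", "Biscuit", "1984-03-12"]  # constructed profile
    for candidate in ["tB0ntbtitq", "p@ssw0rd", "L3tme1n", "B1scuit1984!"]:
        print(candidate, assess(candidate, facts))
```

The article's own "tB0ntbtitq" passes all three checks, while "B1scuit1984!" is long and mixed enough to satisfy a composition-only meter yet is flagged for the pet name and birth year.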

It’s especially important to have a separate password for an email account, says Mozilla’s Mr. Sterne. Many sites have “Forgot my password” buttons that, when clicked, initiate a password-recovery process by email. Hackers who break into an email account can then intercept those emails and take control of each account registered using that address.

Some websites, such as Google and Facebook, now let people register a phone number along with their account. If a person forgets his passwords, the sites reset the passwords by calling or sending a text message to that person.

Mr. Barrett says people should be able to remember four or five good passwords. If not, they can write them down on a piece of paper and stick it in their wallet, and then throw the cheat sheet away once all the passwords are memorized.

People who still struggle to remember them all can use a password manager. Several, such as LastPass, are free. LastPass prompts users to create a master password and then generates and stores random passwords for different sites. Some security experts warn against using managers that store passwords remotely, but LastPass Chief Executive Joe Siegrist says hackers can’t access the passwords because all data is encrypted.

The worst thing that people can do after creating their different passwords: Put them on a sticky note by their monitor. “That defeats the entire purpose,” says Mr. Sterne.

Heather O’Neill, a 27-year-old tech-company employee in San Francisco, had her Google email account broken into earlier this year. She says she used the same password for several sites, and that it was a weak one.

“I can’t have one password for everything,” she says. “Everything is going to be different.”

Write to Stu Woo at Stu.Woo@wsj.com
