Cyber Security Institute

Tuesday, February 22, 2005

Four passwords needed to foil hackers

Every computer user should have at least four different types of password to securely access websites and work systems, according to the Computing Technology Industry Association (CompTIA).

The IT trade organisation said that human error is the primary cause of IT security breaches, and in many instances security breaches can be traced back to poor password security.

CompTIA warned that people should use multiple passwords, because if one is compromised or stolen they could become the victim of identity theft or financial loss.  And if the lost password is the same one used at work, the organisation warned that “the consequences for your employer could be disastrous”.

“As we have incorporated computer use into more and more of our lives at home and at work, the number of passwords we use has grown exponentially,” said John Venator, president and chief executive at CompTIA.

The organisation recommends that users maintain four passwords.  The first should be easy to remember for use on general websites.  The same password can be used in many low-risk places because the consequences are minimal if the password is compromised.

The second password should be more complex, with a mix of numbers and letters, for e-commerce websites.  But if this password is compromised, CompTIA warned, there may be financial implications, such as credit card theft.

Thirdly, a “very complex” password is required for banking websites. This password should contain lower case letters, uppercase letters, numbers and punctuation marks, or at least three of these four categories. If this password is compromised, identity theft is possible.

Finally, a separate password should be used only at work, which should not resemble any of the passwords used for home and personal computing. All passwords except the easy website password should be changed at least every 90 days, the trade body advised.

Posted on 02/22