• Unix: Controlling privileged access

    Posted July 28, 2014 - 8:27 pm

    One of the most important things you can do for security on a Unix system is restrict root access. But the issue is more complicated than who knows root's password.
  • What to do after your email account is compromised

    Posted October 3, 2013 - 4:40 pm

    Here is what I tell people who want to know what to do next, after their email has been opened up and sorted through.
  • Yahoo! Marissa Mayer’s workers get paroled [CARTOON]

    Posted July 19, 2013 - 6:00 am

    Yahoo’s CEO celebrates one year on the job by granting employees a special privilege
  • Review

    PasswordBox - One password to rule them all?

    Posted July 2, 2013 - 8:00 am

    There has been some degree of hype recently around the startup PasswordBox. Their goal is near to my heart - create a single solution to manage all of your usernames and passwords online. With high hopes I jumped in line for their 1 Million account giveaway and was supplied with an account in just a few days.
  • How to turn off Android's screen lock for yourself (but keep it for everyone else)

    Posted April 9, 2013 - 5:49 pm

    Here's how to keep your Android phone easily unlocked whenever it's near familiar Wi-Fi networks and Bluetooth devices.
  • Reset a Windows password with the System Recovery Disk

    Posted December 14, 2012 - 2:18 pm

    You don't need a third-party tool to reset a forgotten Windows password
  • Security fail: weak passwords, strong crackers, social engineering

    Posted August 22, 2012 - 10:57 am

    Every week seems to bring a new warning about another hacked site exposing at least a million passwords. Is security possible anymore?
  • How to enforce password complexity on Solaris

    Posted May 12, 2012 - 7:44 pm

    Solaris 10 is the first version of Solaris to provide a complex set of variables for controlling password strength. The /etc/default/passwd file contains a series of parameters -- most commented out when a system is first installed -- that allow you to exercise some fairly rigorous constraints on the passwords your users may select.
  • What makes a good password?

    Posted April 29, 2012 - 5:02 pm

    Sound advice against the use of bad passwords has been around for decades. Yet I still find people electing to use passwords like pa55w0rd and login123 as if they'd never heard about password cracking programs. Even technical professionals -- programmers, help desk techs and systems administrators -- sometimes assign really weak passwords to their own and other important accounts. It's become painfully obvious to me that telling people to use good passwords isn't enough. We need to clearly define what a good password is -- and never imply that short or predictable passwords are ever OK.
  • WikiLeaks, Guardian furious at source of security breach: the two of them

    Posted September 1, 2011 - 6:38 pm

    WikiLeaks' founder Julian Assange posts blistering editorial blaming Guardian newspaper for publishing a secret password decrypting 130K cables, which Assange posted in the first place. Guardian editor points finger at Assange, injures self in convolutions trying to avoid blame.
  • Cloud cracks home wireless router; giant hammer squishes ant

    Posted January 11, 2011 - 1:19 pm

    Hackers using Amazon's EC2 to crack WLANs is no threat to corporate IT, but does highlight new options for ambitious, cash-strapped crackers.
  • Six password security tips to learn from the Gawker hack

    Posted December 20, 2010 - 5:47 pm

    The Germans have a word for it: Schadenfreude, taking pleasure in someone else's misfortune. And I have to admit, I did feel a twinge of satisfaction when Gawker, one of the snarkiest and most self-satisfied collections of sites on the Web, was hacked. But I do worry about the 1.2 million people whose passwords were stolen and posted on the Web for any moderately skilled bad guy to crack and use.
  • FBI investigating Gawker Media hack

    Posted December 14, 2010 - 2:55 pm

    The FBI confirmed to PC World that it is investigating the recent intrusion by a group of hackers into Gawker Media's servers last weekend. The hack exposed more than 200,000 reader e-mail addresses and passwords, and the data is now circulating online as a peer-to-peer torrent file. An FBI representative declined to comment further about the ongoing investigation; however, Gawker Media founder and CEO Nick Denton was scheduled to meet with federal authorities on Monday, according to The New York Post.
  • Are passwords a waste of time?

    Posted May 3, 2010 - 8:56 pm

    I apologize up front for jumping into this debate, but I couldn't resist. Not a week goes by, or so it seems, without some newspaper, magazine or TV show (apologies to my media brethren) lambasting security and IT professionals because they force unnecessary security controls on the poor, downtrodden consumer or worker. It's as if your security requirements are designed to make everyone's life miserable with little or no benefit. You evil CSOs! My heart bleeds for the poor peasants whom you oppress.
  • Best Time to Change Your Password

    Posted December 4, 2009 - 8:18 pm

    A strong password is one that is at least 8 characters long with mixed upper- and lower-case letters, some non-letter characters, and that doesn't follow a pattern that could be easily guessed (for example "12345678"), says Gene Spafford, professor with the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.
  • Where Google Chrome security fails: the password

    Posted November 23, 2009 - 12:42 pm

    Google promises that Chrome will be much more secure than Windows. Well, yes, but it also has one big problem as well.
  • Avoiding Password Hell

    Posted October 28, 2009 - 12:11 pm

    Some people seem to think that long, complicated passwords that change frequently are great for security. They couldn't be more wrong.
  • Study: Secret questions don't safeguard passwords

    Posted May 19, 2009 - 1:20 pm

    Free e-mail providers often present a so-called "secret question" as a verification mechanism to reset an account password. But the answer is often easily guessable by other people who know the account holder, according to a new study to be released during the IEEE Symposium on Security and Privacy.
  • Password Seeks Partner For Long-Term, Secure Relationship

    Posted May 11, 2009 - 9:17 am

    Passwords have been standing guard over our computer user accounts seemingly forever; for a long while, and for most purposes, they could go it alone. But it's no secret that passwords are no longer sufficient as the sole means of granting access to critical networks, applications, and data.
  • Social networking security: Protect yourself

    Posted December 22, 2008 - 10:58 am

    If you're wading in the social networking pool, revisiting some core security principles can protect you from spammers and other characters on Facebook who can ruin your computer or identity.
  • Adobe admits new PDF password protection is weaker

    Posted December 5, 2008 - 1:01 pm

    Adobe made a critical change to the algorithm used to password-protect PDF documents in Acrobat 9, making it much easier to recover a password and raising concern over the safety of documents.
  • Google Tech talk on Password Reset

    Posted August 15, 2008 - 12:35 am

    In a recent post, I described the problems with password reset, and how current password reset questions can be attacked. Watch my recent Google Tech talk on this subject...
  • What is worse than reusing passwords?

    Posted August 12, 2008 - 9:22 pm

    Think your password resets are secure? Think again. The city you grew up in and your mother's maiden name can be derived from public records. Facebook might unwittingly tell the name of your best friend. And, until quite recently, Ford with its 25% market share had a pretty good chance of being the brand of your first car!
  • Password aging, part 1

    Posted October 5, 2005 - 8:44 am

    While it's clearly possible to use the /etc/passwd and /etc/shadow files in Solaris and other Unix systems without making use of the password aging features, you could be taking advantage of these features to encourage your users to practice better security -- and, with the right password aging values, you can configure a good password-changing policy into your system files while limiting the risk that your users will be locked out of their accounts. In this week's column, we look at the various fields in the shadow file that govern password aging and suggest settings that might give you the right balance between user convenience and good password security.