Market or Die: Security Archives

Password Security Reminder

Password security really only consists of two things.

1. Ensure that your password can't be easily guessed.

2. Keep your password secure so others can't read it.

On the first of these.

You don't have to go crazy on password length or complication. A 7 character password, if it includes a mixture of numbers and letters, will do just fine. IF it includes both lower and upper case letters. And IF it doesn't include real words and obvious numbers (like your street address).

It would take millions of tries to guess a password like that.

Make sure others in your company AND your provider also practice proper security. You are not alone in the boat. If someone hacks the password of another email account in your company, or on the server you share, it can take the whole server down.

For the second, besides the obvious (don't put your password on a post-it note on your screen), do not host your website on a Windows server. They are not and never will be secure.

Posted by Richard R. Byrd at 05:17 AM | Permalink

Password Changes

Those annoying required password changes?

Useless.

Our recommendations for password security.

Posted by Richard R. Byrd at 07:21 AM | Permalink

Phishing

One of the hazards of the Internet is "phishing."

It is a criminal effort to get you to go to what looks like a legitimate site and input information such as credit cards.

There are several ways to protect yourself:

1. If it looks fishy, it almost certainly is.

2. Look at the link you are supposed to click on. Mouseover to see the actual link. It should match what it claims to be. Look at the domain name. It is only the last part of the domain that counts. "bankofamerica.phishy-site.com" the domain is "phishy-site.com" - NOT "bankofamerica.com".

3. There are now various checking services built into web browsers and security software that will warn you if a site is suspicious or a known attack site. Some of these such as Norton SafeWeb even work in Google search engine results pages.

There are a lot of criminals out there. It isn't hard to avoid getting caught by a scam. Just stay alert.

Posted by Richard R. Byrd at 12:07 PM | Permalink

Password Security

I've written before about password security.

Recently, 310 pieces of confidential corporate information from Twitter were publicly posted.

Here's the story of how it was done.

Adequate password security isn't difficult. But your main protection is the fact that probably no one is trying to hack you!

Anyway, this article points out a couple of additional points to ensuring adequate security on your accounts:

1. Make sure any secondary email addresses on your accounts are active.

2. Make any "secret question" answers something that can't be easily guessed or Googled.

It's worth paying attention to.

Posted by Richard R. Byrd at 07:12 AM | Permalink

Website Vulnerability Issues

If you have a website or are involved with Internet marketing in any way, you need to be aware of security issues.

Not really the business we are in but some simple advice is in order from time-to-time. So I set up a new category for Security postings.

Here's an excellent video from Google about security concerns if you have a website: Preventing Virtual Blight.

Posted by Richard R. Byrd at 10:23 AM | Permalink | Comments (1)

Website Contact Emails

Every website needs to encourage the visitor to contact the company or otherwise take action.

You want to make it easy on the visitor to contact you by whatever means they are most comfortable with.

One of those methods is normally by email. However, this is a potential vulnerability for you and your site:

Continue reading "Website Contact Emails" »

Posted by Richard R. Byrd at 11:27 AM | Permalink

Password Security

There are bad people out there.

All passwords should be of sufficient strength so as to make it hard on hackers to crack into your website or email accounts.

Our recommendations:

7 or 8 characters long (can be longer but 7 is long enough unless your situation makes you a tempting target).
at least one capital letter,

at least one lower-case letter

at least one numeral 0 to 9

no real words or names (or parts, like the first 4 letters of your last name)

no meaningful numbers (like your birthday or street address)

Of course, you also have to keep your passwords secure so no one unauthorized can get their hands on them.

Also change relevant passwords in event of a suspected hacking or if personnel leave the company.

Posted by Richard R. Byrd at 10:33 AM | Permalink

May 06, 2010

Password Security Reminder

April 15, 2010

Password Changes

October 19, 2009

Phishing

July 21, 2009

Password Security

February 06, 2009

Website Vulnerability Issues

January 29, 2009

Website Contact Emails

January 19, 2009

Password Security


	Main May 06, 2010 Password Security Reminder Password security really only consists of two things. 1. Ensure that your password can't be easily guessed. 2. Keep your password secure so others can't read it. On the first of these. You don't have to go crazy on password length or complication. A 7 character password, if it includes a mixture of numbers and letters, will do just fine. IF it includes both lower and upper case letters. And IF it doesn't include real words and obvious numbers (like your street address). It would take millions of tries to guess a password like that. Make sure others in your company AND your provider also practice proper security. You are not alone in the boat. If someone hacks the password of another email account in your company, or on the server you share, it can take the whole server down. For the second, besides the obvious (don't put your password on a post-it note on your screen), do not host your website on a Windows server. They are not and never will be secure. Posted by Richard R. Byrd at 05:17 AM \| Permalink April 15, 2010 Password Changes Those annoying required password changes? Useless. Our recommendations for password security. Posted by Richard R. Byrd at 07:21 AM \| Permalink October 19, 2009 Phishing One of the hazards of the Internet is "phishing." It is a criminal effort to get you to go to what looks like a legitimate site and input information such as credit cards. There are several ways to protect yourself: 1. If it looks fishy, it almost certainly is. 2. Look at the link you are supposed to click on. Mouseover to see the actual link. It should match what it claims to be. Look at the domain name. It is only the last part of the domain that counts. "bankofamerica.phishy-site.com" the domain is "phishy-site.com" - NOT "bankofamerica.com". 3. There are now various checking services built into web browsers and security software that will warn you if a site is suspicious or a known attack site. Some of these such as Norton SafeWeb even work in Google search engine results pages. There are a lot of criminals out there. It isn't hard to avoid getting caught by a scam. Just stay alert. Posted by Richard R. Byrd at 12:07 PM \| Permalink July 21, 2009 Password Security I've written before about password security. Recently, 310 pieces of confidential corporate information from Twitter were publicly posted. Here's the story of how it was done. Adequate password security isn't difficult. But your main protection is the fact that probably no one is trying to hack you! Anyway, this article points out a couple of additional points to ensuring adequate security on your accounts: 1. Make sure any secondary email addresses on your accounts are active. 2. Make any "secret question" answers something that can't be easily guessed or Googled. It's worth paying attention to. Posted by Richard R. Byrd at 07:12 AM \| Permalink February 06, 2009 Website Vulnerability Issues If you have a website or are involved with Internet marketing in any way, you need to be aware of security issues. Not really the business we are in but some simple advice is in order from time-to-time. So I set up a new category for Security postings. Here's an excellent video from Google about security concerns if you have a website: Preventing Virtual Blight. Posted by Richard R. Byrd at 10:23 AM \| Permalink \| Comments (1) January 29, 2009 Website Contact Emails Every website needs to encourage the visitor to contact the company or otherwise take action. You want to make it easy on the visitor to contact you by whatever means they are most comfortable with. One of those methods is normally by email. However, this is a potential vulnerability for you and your site: Continue reading "Website Contact Emails" » Posted by Richard R. Byrd at 11:27 AM \| Permalink January 19, 2009 Password Security There are bad people out there. All passwords should be of sufficient strength so as to make it hard on hackers to crack into your website or email accounts. Our recommendations: 7 or 8 characters long (can be longer but 7 is long enough unless your situation makes you a tempting target). at least one capital letter, at least one lower-case letter at least one numeral 0 to 9 no real words or names (or parts, like the first 4 letters of your last name) no meaningful numbers (like your birthday or street address) Of course, you also have to keep your passwords secure so no one unauthorized can get their hands on them. Also change relevant passwords in event of a suspected hacking or if personnel leave the company. Posted by Richard R. Byrd at 10:33 AM \| Permalink


©2009 Fast Forward Marketing. All Rights Reserved. \| www.fastf.com