What I tell the lay person
1. Mix up the password with uppercase, lowercase, numbers and special characters. Take a current password and mix a couple characters. For example, if your current password is abracadabra, then change it to something like abRac@dabra. Something easy to remember, but difficult to guess. 2. Change all your passwords every 3 months and do not use the same password you used before. 3. Do not use the same passwords for your email, banking websites, eCommerce sites, etc 4. Do not write down your password or give it to anybody under any circumstances. If you get a call from someone asking for your password to your banking account, hang up and contact the bank from a publically known number (i.e. from your statement). If you initiated the call and they ask for your password to verify the account, that is fine. But if someone calls you, never give it out! 5. If you get an email asking for your username/password to a website, contact the company itself. Do not respond to emails asking for passwords. I really wish websites would have some type of standard for passwords. Some sites do not allow special characters, some sites will limit the number of characters, etc. Banks tend to be the worst of this. From: Jonathan Link [mailto:[email protected]] Sent: Friday, September 09, 2011 9:43 AM To: NT System Admin Issues Subject: Re: password questions IMO, the most important thing that people need to know about passwords follows. DON'T RECYLCE PASSWORDS. On Fri, Sep 9, 2011 at 12:32 PM, Shauna Hensala <[email protected]> wrote: I have been asked to speak to an group regarding personal internet security. This will be a fairly light weight discussion and I have a couple of really good references regarding choosing secure passwords and the https://www.grc.com/haystack.htm site for testing. My question for all of you is this: What if you incorporate a symbol not normally found on a keyboard into your password - such as ¢ which requires the key combo alt/0162? Does this increase or decrease the hackability of your password - or is it completely irrelevant? To a hacker, is the actual password alt0162 or is it ¢? Thanks for any information you can offer. Shauna Hensala _____ Date: Fri, 9 Sep 2011 16:07:15 +0100 Subject: Re: External subdomains considered dangerous? From: [email protected] To: [email protected] Aha, you are therefore a Chinese agent :-) On 9 September 2011 15:47, Matthew B Ames <[email protected]> wrote: Maybe those companies only use external hosted pop3/imap accounts (granted that is unlikely). I assume from the article is more about a company emailing another company. I own a .org.uk domain in the UK, and I quite often get emails (which is meant for the .org). I have even had invoices, emails from their accounts department, etc landing in my personal email. More recently I had a batch of CVs for people apply for job applications as a secretary either they misread the advert or just automatically typed in the .uk without thinking about it as the .org is a UK based company). From: Andrew S. Baker [mailto:[email protected]] Sent: 09 September 2011 15:31 To: NT System Admin Issues Subject: Re: External subdomains considered dangerous? Why are internal email addresses being typed in manually? ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market On Fri, Sep 9, 2011 at 10:04 AM, Kurt Buff <[email protected]> wrote: 20gb of email in six months, and it includes full router configs with passwords, too. http://www.wired.com/threatlevel/2011/09/doppelganger-domains/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. QinetiQ may monitor email traffic data and also the content of email for the purposes of security. QinetiQ Limited (Registered in England & Wales: Company Number: 3796233) Registered office: Cody Technology Park, Ively Road, Farnborough, Hampshire, GU14 0LX http://www.qinetiq.com. <http://www.qinetiq.com> http://www.qinetiq.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ***** IMPORTANT INFORMATION/DISCLAIMER ***** This document should be read only by those persons to whom it is addressed. If you have received this message it was obviously addressed to you and therefore you can read it, even it we didn't mean to send it to you. However, if the contents of this email make no sense whatsoever then you probably were not the intended recipient, or, alternatively, you are a mindless cretin; either way, you should immediately kill yourself and destroy your computer (not necessarily in that order). Once you have taken this action, please contact us.. no, sorry, you can't use your computer, because you just destroyed it, and possibly also committed suicide afterwards, but I am starting to digress...... The originator of this email is not liable for the transmission of the information contained in this communication. Or are they? Either way it's a pretty dull legal query and frankly one I'm not going to dwell on. But should you have nothing better to do, please feel free to ruminate on it, and please pass on any concrete conclusions should you find them. However, if you pass them on via email, be sure to include a disclaimer regarding liability for transmission. In the event that the originator did not send this email to you, then please return it to us and attach a scanned-in picture of your mother's brother's wife wearing nothing but a kangaroo suit, and we will immediately refund you exactly half of what you paid for the can of Whiskas you bought when you went to Pets At Home yesterday. We take no responsibility for non-receipt of this email because we are running Exchange 5.5 and everyone knows how glitchy that can be. In the event that you do get this message then please note that we take no responsibility for that either. Nor will we accept any liability, tacit or implied, for any damage you may or may not incur as a result of receiving, or not, as the case may be, from time to time, notwithstanding all liabilities implied or otherwise, ummm, hell, where was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR FAULT! The comments and opinions expressed herein are my own and NOT those of my employer, who, if he knew I was sending emails and surfing the seamier side of the Internet, would cut off my manhood and feed it to me for afternoon tea. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
