The Agency Insider with Linda McGlasson

Passwords: Prying Eyes are All Atwitter

Passwords: Prying Eyes are All Atwitter

Passwords - they are the bane of information security pros everywhere, and they're back in the headlines again. This time its Twitter's red-faced admission that its corporate network was accessed by tricking the password reset system for Google Apps, and subsequently Twitter's private data and documents were leaked outside of the company.

This is the time to look at your password policy and management. What are your standard password configuration requirements? Do you make everyone (and this means you, CEO and senior executive) at your institution change their passwords at login every quarter (at least)? Where is this needed most? For those single sign-on passwords that open the institution's network with a few key strokes.

Passwords are a pain in the butt for everyone, including those in information security. One of the "older" senior execs at a company where I once worked insisted that his password remain the same. He resisted numerous prompts to change it until my boss, the head of information security, told him that since his password was known, anyone could read his emails. (No one except those of us in the infosec group and the help desk knew his password, and that was because he had sent us emails asking that he be allowed to keep his password the same. And yes, he typed his password in the email request.) He quickly became compliant.

The problem with passwords is there are just too darn many of them. Every website, app and email address we use has a password associated with it in order to access or view the information. Being that most people (including technically savvy ones) are predictable creatures of habit, we fall into using the same passwords for different sites. Solution is - password vaults. There are many on the market now that keep your passwords safe from prying hacker eyes.

Twitter's password hack is indicative of what's really happening out here in the wild world of the Internet. If Sarah Palin's password to her Yahoo email can be guessed, then this Twitter password hack kicks up the fervor for better security, including that for applications that everyone is flocking to and using.

Here are some tips from an earlier article I wrote on creating a good password. Or how about adding another level of "hard to crack" authentication by making a pass phrase. (I use song lyrics from my favorite artists and use the first letter of each word of the song title or line.)

I had to laugh when a person at Twitter was quoted as saying that having their data hacked through passwords was like having someone rifle through your underwear drawer, "Embarrassing, but no one's really going to be surprised about what's in there." I like to think passwords are like underwear -- nobody else uses them or sees them except the owner. (Underwear and lingerie models excluded.) And if anyone should see the underwear, then the owner should be more than a little upset. I know I would be.

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.