A password is something all technology users must relate to, both privately and professionally. Passwords and their administration have several technological aspects, such as the technical protection of password lists. But passwords ultimately have a significant human side, since a password is something that we as people know, or are.
One would think that academia, the technology sector and the security industry had solved the password challenge a long time ago. There have been many different attempts, but the work to find safer and better solutions for users continues. Meanwhile, we as users are left with password solutions that require both knowledge and time. For many users, passwords are probably still a source of frustration.
A lot of advice about passwords is very general and does not take into account that there should be an assessment of the risk and of the value of what one is trying to protect. The variation in security measures should ideally follow from which values the individual wishes to protect, the risk that exists, and the risk the individual is willing to take. But we have to recognize that it is difficult to get individuals to make such judgements in everyday life. Most of us want solutions to be simple and to work so that we spend as little time as possible on them.
We use analogue rules from a time when people did not even have "passwords", but a PIN code for the ATM and, for a few, the number combination to the safe in the office. It was the only thing we had to remember and that we were not "allowed" to write down. We have taken these rules with us into a reality that is very different.
Specific password policies from an employer to the individual user or employee often take into account only the one password for the workplace's systems and forget that people in Norway need between 15-20 unique passwords. Even though the advice, in isolation, contributes to good security, in reality it comes into conflict with what is humanly possible.
Strict security rules that are followed can provide better security. But strict security rules that no one is able to follow provide poorer security. Security measures that take into account only the strongest security needs can quickly become difficult to understand and live with for those who do not experience or understand the need.
We want it to be feasible for more people to get better password routines and security. In connection with the national security month, we offer what we believe are a few important pieces of advice and clarifications related to passwords. It is not that these suggestions have not been written or said before, but there is nevertheless a small, important change that will hopefully become clearer once you have finished reading this post.
Use 2-factor authentication
Two-factor authentication is authentication with something you know and something you have, for example a code token. Something you know is usually a password. By using something you have in addition to something you know, you make it more difficult for an attacker to masquerade as the intended user. The site can in this way be more confident that only the intended users use its services.
At first, it may seem as if you need to do more. But you get better security, and it can save you a lot of work later if your password goes astray.
The chances that a password goes astray at one point or another are great.
Use a unique password
The most common way passwords are lost is that the services we use are hacked and our passwords are stolen along with millions of other passwords. Well-known cases where passwords have gone astray are Yahoo with over 500 million users, LinkedIn with 117 and Evernote with 50. The list of such incidents is long.
We cannot protect ourselves against these events, but we can personally reduce their harmful effects by using unique passwords. If you have a unique password that gets hacked, you do not need to spend time changing it in a variety of other services. If we look at a unique password in combination with two-step verification, the hacking of your password on a service where you use 2-step verification will not lead to the hackers gaining access. They have obtained only 50% of what they need.
There are many tips and pieces of advice on how to create a unique password. We recommend that you go to Netiquette for good advice on how, for example, to create your unique passwords.
Be creative when you create them, and do not focus too much on making them easy for you to remember. It is not certain that you need to remember all your unique passwords. Why is that? Because you can feel free to write down your passwords.
Write down your passwords
Make yourself a written list of your user names and passwords for the services you use.
A few passwords that you use often you should, for practical reasons, be able to remember. We do NOT recommend that you carry around a written list of all of your passwords. The list you create should be treated as a valuable document and protected accordingly. The list should also not be visible in the vicinity of your computer.
If you choose to write down your passwords, do it with pen and paper. Do NOT write them down electronically and save them as a file on your computer. Another option is to use a password manager if you are comfortable with it.
This is perhaps the advice that some people will react to. But ask yourself: can we really remember 15-20 unique passwords that should be of a certain complexity and length? We at NSM are not very convinced of it, and in that case remembering 15-20 unique passwords is only theoretical advice that sounds very secure. In reality, there is a good chance that many people use only one or two passwords for all their services. That gives, in any case, higher risk and poorer security.
We would, however, point out that if your employer's internal rules require employees not to write down passwords, it is the employer's policy that applies in the workplace.
Good password routines depend on ourselves
We leave very much of the information security work to others. Think of all the online services we use, where we trust that they protect our values and information well. But some things we need to do ourselves. Having good password routines is one of those tasks where we ourselves help to protect our own values and information. Your own efforts and behaviour contribute to whether or not you are safe online.
If you want to know more about how you can best create and protect your own passwords, there are many good sources.
In Norway you can, as mentioned above, get more information from NorSIS and Netiquette.
In the United States, they have also come up with some simple tips and advice for passwords.
In Sweden, a report about passwords was recently published, in which there are many similarities to Norway.
In the United Kingdom, there are some guidelines and advice that cater to a greater extent to organizations and businesses.
Finally, we at the National Security Authority (NSM) have just published new guidance for businesses on 2-factor authentication.
This post was first published on the National Security Authority's web pages in conjunction with the national security month. TV 2 publishes the post again with permission.

