Passwords: Prying Eyes are All Atwitter
This is the time to look at your password policy and management. What are your standard password configuration requirements? Do you make everyone at your institution (and this means you, CEO and senior executive) change their passwords at least every quarter? Where is this needed most? For the single sign-on passwords that open the institution's network with a few keystrokes. One caveat a practitioner will want: current NIST guidance (SP 800-63B) advises against forced periodic rotation unless there is evidence of compromise, because calendar-driven changes push people toward predictable variations of the old password; length, uniqueness and screening against known-breached passwords matter more than the rotation interval.
Passwords are a pain in the butt for everyone, including those in information security. One of the "older" senior execs at a company where I once worked insisted that his password remain the same. He resisted numerous prompts to change it until my boss, the head of information security, told him that since his password was known, anyone could read his emails. (No one except those of us in the infosec group and the help desk knew his password, and that was because he had sent us emails asking that he be allowed to keep his password the same. And yes, he typed his password in the email request.) He quickly became compliant.
The problem with passwords is that there are just too many of them. Every website, app and email account we use has a password associated with it. Because most people (including technically savvy ones) are predictable creatures of habit, we fall into reusing the same password across different sites, so one breached site hands an attacker the key to all the others. The solution is a password vault (password manager). There are many on the market now; a good one generates a unique random password for each site and keeps them all encrypted under a single master password, so only that one has to be remembered and kept away from prying eyes.
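As an added example (not code from the original post or from any particular vault product), here is the core of what a vault does, in Python: generate a unique random password per site from a CSPRNG, protect the store with a master password run through a memory-hard KDF (scrypt), and flag the reuse habit the paragraph describes. The site names, the "one password everywhere" sample and the master password are constructed for the demo; the HMAC key-check stands in for the authenticated encryption a real vault applies to the whole store, since the standard library has no AEAD cipher.

```python
# Added example: the essentials of a password vault, built on stdlib only.
# Constructed data: the site names, the "habit" vault and the master password.
import hashlib
import hmac
import math
import secrets
import string

# 75 symbols; generated passwords are uniform over this alphabet.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Uniform random password from the OS CSPRNG (secrets, never random)."""
    if length < 12:
        raise ValueError("vault-generated passwords should be at least 12 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Entropy of a uniformly random password of this length and alphabet."""
    return length * math.log2(len(alphabet))


def derive_master_key(master_password: str, salt: bytes) -> bytes:
    """scrypt is memory-hard, so offline guessing of the master password is
    expensive. n=2**14, r=8, p=5 is a modest interactive-login setting
    (about 16 MiB of memory per guess); raise n for a vault that is unlocked rarely."""
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=5, maxmem=64 * 1024 * 1024, dklen=32)


def make_master_verifier(master_password: str) -> dict:
    """Store a salt plus an HMAC under the derived key, never the key itself.
    A real vault would instead store the AEAD-encrypted vault; this key-check
    only lets us tell a wrong master password apart from a right one."""
    salt = secrets.token_bytes(16)
    key = derive_master_key(master_password, salt)
    check = hmac.new(key, b"vault-key-check", hashlib.sha256).hexdigest()
    return {"salt": salt.hex(), "check": check}


def verify_master(master_password: str, verifier: dict) -> bool:
    """Re-derive the key and compare in constant time."""
    key = derive_master_key(master_password, bytes.fromhex(verifier["salt"]))
    check = hmac.new(key, b"vault-key-check", hashlib.sha256).hexdigest()
    return hmac.compare_digest(check, verifier["check"])


def find_reused(vault: dict) -> dict:
    """Map every password used for more than one site to the sites sharing it."""
    by_password: dict = {}
    for site, password in vault.items():
        by_password.setdefault(password, []).append(site)
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


def build_vault(sites) -> dict:
    """One fresh random password per site: the reuse habit cannot occur."""
    return {site: generate_password() for site in sites}


if __name__ == "__main__":
    sites = ["mail.example", "bank.example", "social.example"]  # constructed

    # The habit the post describes: one memorable password everywhere.
    habit_vault = {site: "Winter2009!" for site in sites}  # constructed
    print("reused across sites:", find_reused(habit_vault))

    # What the vault does instead.
    vault = build_vault(sites)
    print("reused across sites:", find_reused(vault))
    print("bits per generated password: %.1f" % entropy_bits(20))

    verifier = make_master_verifier("correct horse battery staple")  # constructed
    print("right master accepted:", verify_master("correct horse battery staple", verifier))
    print("wrong master rejected:", not verify_master("Winter2009!", verifier))
```

The point of the split is that the human remembers one strong secret and the vault holds the rest; the scrypt parameters are what make a stolen vault file expensive to brute-force, and a site breach exposes only that site's random password.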
Twitter's password hack is indicative of what's really happening out in the wild world of the Internet. If Sarah Palin's password to her Yahoo email can be guessed, then this Twitter password hack should kick up the fervor for better security, including for the applications that everyone is flocking to and using.
Here are some tips from an earlier article I wrote on creating a good password. Or make the password itself harder to crack by using a pass phrase. (I use song lyrics from my favorite artists and take the first letter of each word of the song title or line.)
I had to laugh when a person at Twitter was quoted as saying that having their data hacked through passwords was like having someone rifle through your underwear drawer, "Embarrassing, but no one's really going to be surprised about what's in there." I like to think passwords are like underwear -- nobody else uses them or sees them except the owner. (Underwear and lingerie models excluded.) And if anyone should see the underwear, then the owner should be more than a little upset. I know I would be.