Overcoming Password Woes - A Presentation

With our recent change to everyone's password and the hardening of some of our standards, we've understandably got a bit of internal confusion over passwords. I decided to not only sort out our internal problems but also give our users some great tips for their internet passwords.

Here's a presentation I've prepared for our users. I've stripped off branding and names so that you can use it in your own organisations. You have my permission to reuse it as you see fit.



Comments

Graham Dodge said…
All good stuff ... I liked the system of taking the first letters from a memorable phrase so that I can easily remember my password is 'mhall1fwwas' by combining 'Mary had a little lamb its fleece was white as snow' with a number/letter swap for the 'i'.

There are so many memorable phrases in IT:
* "No Computer Will 3ver Need More than 640k Of Ram".
* "Trust Me... 1'm A Consultant".
* "This 1s Another Fixed Price Development Project From ".
* "We Have Now Assigned To Your Project Because 1s No Longer With The Company".
* "1 Did Not Have Sex With That Woman".
grumpy_coder said…
Gavin,

Excellent presentation. I practice something similar, but I apply a basic principle with passwords.

I classify systems/web-sites into 2 categories: mission-critical and non-mission-critical.

For mission critical things like email passwords, I use a couple of super complex passwords. Whenever I register for non-critical sites that "need" an email account to verify my identity, I use a couple of non-critical passwords for those accounts.

The point being, if these other sites get hacked, they will see my email account and probably try the same password. So, if the password is vastly different between mission critical things and gaming sites or whatever, there is a reasonably good barrier to entry in trying to get to really sensitive stuff.

The other thing too is eliminating identity theft. Usually you will put your birth date or some other personal info into these sites as well. Designers of these sites are also inviting hackers to build a better profile of you. So, also, have a fictitious birth date. So, don't be too liberal with your personal identity, otherwise it's not going to be personal for long.
Gavin Bollard said…
Great ideas guys. I know that this won't provide the most "perfect" passwords but there's a fine line between being too secure and too difficult. ... especially with our users.
