I don't plan on making this a daily habit, but a few things have crossed my mind and keyboard lately that has made me want to write about something that is often overlooked. One of the things that started this was a thread on the Security Catalyst Community about password policies. A comment was made about the need to use different passwords for different service accounts, the need for complexity, using things such as PWSafe to keep them organized etc... Then the comment was made
Need I say that you should NOT write them down anywhere.I replied that writing them down is a good idea as long as they were secured in case of emergency. In this particular case the guy who started the thread is the only IT guy for his company. The loss of these passwords could prove costly to the company. I know of a couple of instances where the lone IT guy left under bad circumstances and refused to tell anyone the passwords for the systems. They were able to recover them, but it wasn't easy or cheap.
Then this morning I was looking at the SANS @Risk Newsletter and it listed all the vulnerable apps. As I was looking at the list it occurred to me that many of these were small apps that are often installed unknowingly w/ other software or they are small apps that you install and forget about. If these do not have auto update features then when they become vulnerable you are at risk and won't even know it. Having a list of ALL apps on your system and doing regular Google searches for updates or checking their web sites for them is a good idea. If you don't write them down then you won't remember them and they will remain unremembered or at least you won't think of checking for updates.
Using things such as the freeware Belarc Advisor (free for personal use only) will greatly simplify your search for installed apps. There are also others out there that will give you a good snapshot of just exactly you have installed.
1 comment:
There has been some research done about writing down passwords and keeping them safe. The research has shown that people tended to complain less about more complex passwords and more frequent password changes.
-- Tim Krabec
Post a Comment