Sunday, November 16, 2014

More Secure Than Your Password

Hackers break into corporate computer systems and release lists of usernames and passwords on the open web. Home PCs are vulnerable to malware, viruses and other tricks to access your personal, financial and private information. These have now become regular occurrences. The most common weakness in these types of hacks is the password. Passwords are a technology from a time when our computers were not inter-connected. The age of the password has come to an end. 
Here are some security technologies that, once implemented, will replace the traditional password.

Biometric authentication is used in computer security as a form of identification and access control. It refers to using physical human characteristics and traits instead of a manually entered password. Examples include, but are not limited to, a fingerprint, palm print, facial recognition, retina pattern and even DNA. The products that allow client access will have biometric readers that interface with the host security system.

No one method of biometric security is said to do the best job of protecting system access. When you consider biometric security, you want to select a physical characteristic that is constant and does not change over time, and that is also difficult to fake or to change on purpose. You also need to consider that some biometric security metrics are considered more invasive than others (e.g. DNA vs. facial recognition). Some methods take a lot of time to execute, such as a retinal scan, which can take as much as 15-30 seconds. In addition, ethical use issues have been raised over some of the biometric security metrics. The details of the methods and issues will not be addressed in this post.

A fob, also called a key fob or token, is a small security hardware device with built-in authentication used to control and secure access to a network and data. Typically, the fob randomly generates an access code, which usually changes every 60 seconds. These one time use codes are the "password" used to validate system access, and they work as long as timing and code algorithm synchronization exists between the client's fob and the host authentication server.

Disconnected fobs are the most common type of security fob, and do not have a physical connection to the client's computer. They use a built-in screen to display the generated authentication code, which the client manually enters via the keyboard. Bluetooth technology is also used as a disconnected fob.

Connected fobs must be physically connected to the client's computer. Authentication is automatically performed once a physical connection is made, eliminating the need for the client to manually enter the authentication code. Smart card technology is also used as a connected fob.
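To show why the fob and the host server must stay synchronized, here is an added example (not part of the original post) that derives a 60-second code on both sides and checks it on the server. It assumes the fob uses the standard TOTP construction from RFC 6238, which the post does not name; the function names, the 6-digit length and the one-step drift allowance are also assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # the post's "changes every 60 seconds"
DIGITS = 6         # assumed code length

def fob_code(secret: bytes, unix_time: int) -> str:
    """Code shown on the fob's screen at unix_time (RFC 6238 TOTP, HMAC-SHA1)."""
    counter = unix_time // STEP_SECONDS
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def server_accepts(secret, submitted, server_time, drift_steps=1, last_used=-1):
    """Return the matching time-step counter, or None if the code is rejected."""
    now = server_time // STEP_SECONDS
    # Tolerate a fob clock that is up to drift_steps windows fast or slow.
    for counter in range(max(0, now - drift_steps), now + drift_steps + 1):
        if counter <= last_used:
            continue  # already used: each code is good for one login only
        expected = fob_code(secret, counter * STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):
            return counter  # caller stores this as the new last_used
    return None

# Constructed sample: the published RFC 4226 test secret, never a real fob seed.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    server_time = 300
    slow_fob = fob_code(SECRET, 250)      # fob clock 50 seconds behind
    very_slow_fob = fob_code(SECRET, 60)  # fob clock 4 minutes behind
    print("50 s behind:", server_accepts(SECRET, slow_fob, server_time))
    print("4 min behind:", server_accepts(SECRET, very_slow_fob, server_time))
    print("replayed:", server_accepts(SECRET, slow_fob, server_time, last_used=4))
```

A wider drift allowance tolerates worse clocks but lengthens the time an observed code stays usable, which is why the server also tracks the last counter it accepted.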

A "wearable" refers to a mobile device such as a cell phone or tablet computer. With wearable security, authentication is a 2-step process. The client enters an account identifier code via a keyboard. The security system then transmits a one-time use pass code to the client via a pre-registered email address, or to a pre-registered device via SMS (text message). Upon receipt of the pass code, the client enters that code via the keyboard. That code is not used again. Typically, the security system will accept the transmitted code only within a set period of time before the code expires. If the code expires before it is successfully entered, the client must request a new code.
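The server side of that 2-step process, as an added example that is not part of the original post: it issues a code, accepts it once, and rejects it after it expires. The class name, the 5-minute lifetime and the cap on wrong guesses are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

CODE_TTL_SECONDS = 300  # assumed "set period of time" before the code expires
MAX_WRONG_GUESSES = 5   # assumed cap, so a 6-digit code cannot be guessed at leisure

def _digest(code: str) -> bytes:
    return hashlib.sha256(code.encode()).digest()

class PassCodeStore:
    """Tracks the single outstanding pass code for each account identifier."""

    def __init__(self):
        self._pending = {}  # account -> [code digest, expiry time, guesses left]

    def issue(self, account: str, now: float) -> str:
        """Create a fresh code; the caller sends it by email or SMS."""
        code = f"{secrets.randbelow(10 ** 6):06d}"  # CSPRNG, not random.random()
        # Only a digest is stored, and any earlier code for the account is replaced.
        self._pending[account] = [_digest(code), now + CODE_TTL_SECONDS,
                                  MAX_WRONG_GUESSES]
        return code

    def verify(self, account: str, submitted: str, now: float) -> str:
        entry = self._pending.get(account)
        if entry is None:
            return "no-code"   # never issued, already used, or locked out
        if now >= entry[1]:
            del self._pending[account]
            return "expired"   # the client must request a new code
        if hmac.compare_digest(entry[0], _digest(submitted)):
            del self._pending[account]  # one-time use: gone after success
            return "ok"
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[account]
        return "wrong"

if __name__ == "__main__":
    store = PassCodeStore()
    code = store.issue("acct-1001", now=0)  # constructed account identifier
    print(store.verify("acct-1001", code, now=30))  # first use
    print(store.verify("acct-1001", code, now=31))  # same code again
```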

In the Meantime...
Until you implement stronger security measures, the first step in improving security is to have strong passwords. In SplashData's recently released list of worst passwords, the 2-time annual winner (or loser) of the most common (and therefore worst) password is "123456". Following that is "password". People continue to put themselves at risk by using weak, easily guessable passwords. Individuals and organizations must encourage the adoption and enforcement of stronger passwords.

According to Microsoft's tips for creating strong passwords, a strong password:
  • Is at least eight characters long
  • Does not contain your user name, real name, or company name
  • Does not contain a complete word
  • Is significantly different from previous passwords
  • Contains characters from each of the following four categories:
    • Uppercase letters
    • Lowercase letters
    • Numbers
    • Keyboard symbol characters (e.g. !@#$%, etc.)

For example, a password of "troubadours" is not considered very strong. A stronger choice would be "Trou8@d0Ur$".
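The rules above written as a check that can run when a password is set, as an added example that is not part of the original post and is not Microsoft's code. The five-word list stands in for a real dictionary, and the 0.7 similarity threshold for "significantly different" is an assumption.

```python
import difflib
import string

# Constructed stand-in for a real dictionary file.
WORDS = {"troubadours", "password", "welcome", "dragon", "monkey"}
SIMILARITY_LIMIT = 0.7  # assumed meaning of "significantly different"

CATEGORIES = {
    "uppercase letter": string.ascii_uppercase,
    "lowercase letter": string.ascii_lowercase,
    "number": string.digits,
    "keyboard symbol": string.punctuation,
}

def password_problems(password, names=(), previous=()):
    """Return the list of rules the password breaks (empty list = acceptable)."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if any(name and name.lower() in lowered for name in names):
        problems.append("contains a user, real or company name")
    if any(word in lowered for word in WORDS):
        problems.append("contains a complete word")
    for old in previous:
        ratio = difflib.SequenceMatcher(None, lowered, old.lower()).ratio()
        if ratio >= SIMILARITY_LIMIT:
            problems.append("too similar to a previous password")
            break
    for label, chars in CATEGORIES.items():
        if not any(ch in chars for ch in password):
            problems.append(f"no {label}")
    return problems

if __name__ == "__main__":
    # The passwords quoted in the post, plus two constructed variations.
    print(password_problems("123456"))
    print(password_problems("troubadours"))
    print(password_problems("Trou8@d0Ur$"))
    print(password_problems("Trou8@d0Ur$1", previous=["Trou8@d0Ur$"]))
    print(password_problems("Jsmith#2014x", names=["jsmith"]))
```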

David Schuchman

Saturday, November 1, 2014

Conference Call Etiquette

A conference call is a meeting in which one or more of the parties are in different locations and situations. We have all been on a conference call where people show up late, become a distraction by forgetting to put their phone on mute, or have sidebar conversations (which we hear) with others not on the call.

Here are a few guidelines you should strive to follow when attending a conference call.
Set the Ground Rules
If you are the one that initiated the conference call, let the others on the call know some of the basic ground rules pertaining to etiquette. Ahead of the call, provide the meeting start time, duration and agenda. You can also identify what will not be discussed on the call.

Keep Track of the Conference Call Start Time
Make sure you know when your conference call begins, and be sure to keep the conference call number and PIN handy so you are not scrambling to find them at the last minute. Your meeting reminder should not come from a call or email from someone who is waiting for you to join the call.

Never Put Your Phone on Hold
If your hold feature plays background music it will play into the conference call and make it very difficult for the other participants to continue the meeting in your absence.

Mute Your Phone When You are not Speaking
Mute your phone to avoid distracting sounds, conversations, or noises that are not applicable to the conference call. Muting your phone will help you avoid embarrassing sighs, munching noises from eating your lunch, sidebar conversations, or other background noise.

Be Prepared
As with all meetings, you should do some prep work or write down questions that you would like to address on the conference call. Like any meeting, you want the conference call to be productive and not spawn other calls/meetings because of lack of preparation.

Pay Attention
When you call in to a conference call there are other distractions in front of you: emails in your inbox, coworkers asking questions, work piling up on your desk, etc. If someone asks you a question on the call and you do not realize they are talking to you until the end of their question, it will be obvious that you were not paying attention. Don’t be the person who always has to ask others to repeat their question.

David Schuchman