OUCH on Passwords

May 13, 2013

One of the “Useful Links” in the sidebar here is to the SANS Internet Storm Center [ISC].  The site, staffed by volunteer “handlers”, a group of highly skilled and experienced security professionals and systems/network administrators,  is a very valuable source of the latest security news.  It is, however, a site aimed at IT professionals, and tends, understandably, to be fairly technical, and to assume a fair amount of basic IT knowledge for starters.

However, to their credit, the folks at ISC have not neglected the ordinary user.  It has had, for a couple of years now, an initiative called Securing the Human, which attempts to address security policy issues considering the users’ perspective.  (In the interests of honesty, from personal experience, I am bound to say that this is probably not entirely from altruistic motives — better educated users are, on the whole, less likely to make terminally stupid mistakes.)    The Securing the Human initiative has also involved publishing a newsletter called OUCH!, which is oriented toward end users.

The latest issue of OUCH! has a short (three-page) article on good password practice [PDF].  It has some good, common sense advice that will help you use passwords securely.  If you are a systems admin person, you might want to consider giving copies to your users.

I’d just make one final suggestion: using a password manager, such as Bruce Schneier’s PasswordSafe, can be a big help in managing your passwords, and using them well.

%d bloggers like this: