« Pop-In “Spooking”: Office Espionage Part 3
Seth Godin Down the Wrong Path »

Hacking In: Pilfering Passwords: Office Espionage Part 4

226873460_c8eabd2911_m.jpg

If you work in an office and you often have need to access secure data, you probably use some type of username, password challenge system. In most cases that is a “good enough” method. However, you should know that one of the most common methods of hacking in to secure systems is simply by entering the username and password of an authorized user.

This edition is part of a “greatest hits” series I’m doing which polishes and updates some of the more popular posts I’ve written.

If you would like to test the strength of this security in your work place try the following 3 minute data harvest.

  1. Take a walk through each office and look at the post-its around the computers.
  2. Flip through the rol-o-dex on you coworkers desk and stop under “P” for passwords.
  3. Ask the office support staff for the password to access some data you have no reason to access.

If you have some time to devote to gathering some data, try the following password harvests.

  1. Find out mother’s maiden names.
  2. Find out children’s’ names.
  3. Find out the name of favorite pets.

Here are the no brainer password hacks that you don’t even need to leave your seat to find.

  1. According to Netscape about 1 1/2 of all people use “123″ or “password” for their password.
  2. The next most common is the name of the city in which you are located.
  3. The next most common (brace yourself) is “Let Me In.”

The holy grail of password stealing is finding the last four digits of the individuals social security number.

There are steps you can take to make sure your passwords stay relatively secure.

  1. Choose a password that is not in the dictionary (vorpalsword, caloocalay,snickersnack…).
  2. Include some numbers in your password (Herd1, t8tertots,4bid…).
  3. Change your password regularly.

Here is an interesting tid bit from Micro-Soft on password strength. The “blank password.” They maintain that having no password at all is a stronger defense than the 1234 or ABCD password approach.

Describing A Spy

http://elementaltruths.com/?p=415

Office Traitors

http://elementaltruths.com/?p=414

Business Brain Cramps

http://elementaltruths.com/?p=413

Starbucks Espionage

http://elementaltruths.com/?p=412

Recording Devices

http://elementaltruths.com/?p=411

Cell and Cordless Phones

http://elementaltruths.com/?p=410

Hacking Passwords

http://elementaltruths.com/?p=409

Pop-In Spooking

http://elementaltruths.com/?p=407

Office Espionage

http://elementaltruths.com/?p=408

Waste Archeology

http://elementaltruths.com/?p=406

Security Overview

http://elementaltruths.com/?p=404

This entry was posted on Tuesday, August 21st, 2007 at 5:28 pm and is filed under Reg Adkins. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply