A prevalent computer security problem today is poor password management. Typical users type a password at least once a day to gain access to confidential or sensitive data.
Users must be trained to be very careful about guarding their password by not sharing it with anyone and not writing it down anywhere,
for example, a sticky note on their monitor. Users also need guidance in selecting good passwords and when to change them.
User training should also include watching out for “shoulder surfers” who will watch your fingers as you type your password
or “social engineers” who can smoothly persuade you to disclose passwords or other sensitive information.
Good security awareness is certainly important, but any such policies and training are severely undermined by the legacy systems
and protocols that transmit passwords in the clear over the Internet.
Passwords are used not only to authenticate users for access to the files they keep in their private accounts
but other passwords are often employed within database systems.
When the user types any of these passwords, the system does not echo them to the computer screen to ensure that no one will see them.
After jealously guarding these passwords and having the computer system reinforce the notion that they are private,
a system that sends each character in a password across the network is easily seen by any Ethernet sniffer.
End users do not realize just how easily these passwords can be found by someone using a simple and common piece of software
4 tahun yang lalu
0 komentar:
Posting Komentar