Hi Chris and HTers,

Great advice Chris, thank you. Any suggestions about which password manager is best among 1Password, LastPass, DashLane, etc.? Or are they all pretty much as good as the other?

Best Regards,

Rob Laporte
President and CEO
DISC, Inc. - "Making Web Sites Make Money"
413-584-6500
Fax 413-553-0745
Rob at 2disc.com
www.2disc.com

Note: Increasingly, ISPs, companies and individuals use spam blocking systems that block legitimate email too. Important emails should be followed up with a phone call if no reply happens within an expected span of time.

From: Chris Hart <email at chrishart.net>
Date: Tue, 26 Aug 2014 10:10:08 -0400
To: <Hidden-discuss at lists.hidden-tech.net>
Conversation: security audit of network and website properties
Subject: Re: [Hidden-tech] security audit of network and website properties

The number 1 suggestion I have for network and 'net security is to have good password practices:

1) using long, random passwords, that are unique for every single site/service/account
2) storing them in an encrypted password manager and nowhere else (1Password, LastPass, DashLane, etc.)
3) change the passwords once in a while
   - change critical passwords (like banking/financial) on a quarterly basis
   - any time someone leaves your company, change the codes that you know they had access to

If you don't have strong password practices as a starting point, all the security in the world is worthless. And I can't tell you how many individuals and businesses I encounter who have lousy password habits and are making themselves vulnerable.

And if others in the organization are responsible for establishing new / changing passwords sometimes, you should audit their passwords, too.

I have seen many instances of the boss at a company pushing through my password practice recommendations to the staff, only to have the staff change the passwords back to something "easy" shortly thereafter. (Of course using password managers should negate the need for 'easy' passwords, but some people are stubborn and minimize the threats/risks in their head and talk themselves out of the need for strong passwords.)

Chris Hart
Computer Support & Technology Consulting for Connecticut and Western Massachusetts
Tel: 860-291-9393
http://www.MyMacTech.com

On 8/26/2014 7:48 AM, Rob Laporte wrote:
> This leads me to a new but related topic and question: are there network and
> security experts on this list? If so, I think it would be good to hear from
> them, for all our sakes. A security audit of network and website properties
> should probably be higher on most of our todo lists than it is.
>
> Best Regards,
>
> Rob Laporte
> President and CEO
> DISC, Inc. - "Making Web Sites Make Money"
> 413-584-6500
> Fax 413-553-0745
> Rob at 2disc.com
> www.2disc.com <http://www.2disc.com>
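
One way to run the password audit recommended in the message above, as an added example that is not part of either message: a Python check of vault entries against the three listed practices (long, unique per account, critical ones rotated quarterly). The entry fields, the 16-character minimum, the 90-day reading of "quarterly" and the sample data are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict
from datetime import date

MIN_LENGTH = 16      # assumption: the post says "long" without giving a number
MAX_AGE_DAYS = 90    # assumption: "quarterly" read as 90 days
TODAY = date(2014, 8, 26)

# Constructed sample entries; the field names are hypothetical.
ENTRIES = [
    {"site": "bank.example", "password": "kV9#tq2LwZ!r8Xbn4Gdm",
     "changed": date(2014, 3, 1), "critical": True},
    {"site": "mail.example", "password": "Summer2014",
     "changed": date(2014, 8, 1), "critical": False},
    {"site": "forum.example", "password": "Summer2014",
     "changed": date(2014, 8, 1), "critical": False},
    {"site": "payroll.example", "password": "p7$Qm2!zRc9@Lx4&Tn6w",
     "changed": date(2014, 7, 15), "critical": True},
]

def digest(password):
    # In-memory grouping key only, so plaintext never becomes a dict key.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def audit(entries, today):
    """Return {site: [issues]} for entries that break one of the practices."""
    sites_by_digest = defaultdict(set)
    for e in entries:
        sites_by_digest[digest(e["password"])].add(e["site"])

    findings = {}
    for e in entries:
        issues = []
        if len(e["password"]) < MIN_LENGTH:
            issues.append("short")      # practice 1: long passwords
        if len(sites_by_digest[digest(e["password"])]) > 1:
            issues.append("reused")     # practice 1: unique per account
        if e["critical"] and (today - e["changed"]).days > MAX_AGE_DAYS:
            issues.append("stale")      # practice 3: quarterly rotation
        if issues:
            findings[e["site"]] = issues
    return findings

if __name__ == "__main__":
    for site, issues in audit(ENTRIES, TODAY).items():
        print(f"{site}: {', '.join(issues)}")
```

The report lists only site names and issue labels, so it can be shared without exposing any password.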