Serious Security

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQLServerCentral.com » Editorials » Serious Security

15 posts, Page 1 of 2

1 2 »»

Serious Security

Rate Topic

Display Mode

Topic Options

Author

Message

Steve Jones - SSC Editor

Posted Thursday, January 17, 2013 12:12 AM

SSC-Dedicated

Group: Administrators
Last Login: Yesterday @ 1:47 PM
Points: 31,406, Visits: 13,722

Comments posted to this topic are about the item Serious Security

Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help

Post #1408176

SQLRNNR

Posted Thursday, January 17, 2013 12:24 AM

SSCoach

Group: General Forum Members
Last Login: 2 days ago @ 1:46 PM
Points: 18,732, Visits: 12,329

I think that security is the duty of all involved from end-user to developer. However, one thing to consider in the economics of security is the annoyance and cost of too much security. There is a balance and going overboard will likely drive a bunch of users away.

Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server 2008

SQL RNNR

Posting Performance Based Questions - Gail Shaw
Posting Data Etiquette - Jeff Moden
Hidden RBAR - Jeff Moden
VLFs and the Tran Log - Kimberly Tripp

Post #1408181

call.copse

Posted Thursday, January 17, 2013 2:43 AM

Ten Centuries

Group: General Forum Members
Last Login: Yesterday @ 6:33 AM
Points: 1,080, Visits: 687

I work with one client which has so many layers of security and training to access their network, it has taken me 2 days on occasion to even gain access to what I need. There's education and online training, dire warning of consequences of misuse etc etc.

Unfortunately the effect is that people tend to quietly share account details simply to get the job done. I guess it's a tricky balance. I'm pretty disciplined but probably even then, I know, not as rigorous as I might be.

Post #1408247

D.Oc

Posted Thursday, January 17, 2013 5:44 AM

Ten Centuries

Group: General Forum Members
Last Login: Monday, May 06, 2013 4:10 PM
Points: 1,053, Visits: 6,426

I use Keepass for storing my passwords, it is only way to remember them all.
For example, password for my Gmail acc. is 56 characters long and I'm changing it every 2 months.
I use shorter passwords for forums, it's all about priorities.

-------------------------------------------------------------
"It takes 15 minutes to learn the game and a lifetime to master"
"Share your knowledge. It's a way to achieve immortality."

Post #1408366

bj_fentress

Posted Thursday, January 17, 2013 5:55 AM

Forum Newbie

Group: General Forum Members
Last Login: Thursday, January 17, 2013 8:14 AM
Points: 4, Visits: 10

Hey Steve,

Great post on security! I do use password safe here at work religiously, but I was curious if there was something out there that does the same thing on a mobile device (ie. idevice, droid, ect.)? Does anyone know the good ones from the crapware out there?

Thanks!
B.J. Fentress
@bjfentress

Post #1408369

thisisfutile

Posted Thursday, January 17, 2013 6:30 AM

Valued Member

Group: General Forum Members
Last Login: Yesterday @ 9:15 AM
Points: 56, Visits: 487

We have a credit card application that requires password complexity and that it be changed every 90 days and I imagine all of them are required to do this because of regulations deep in the bowels of the PCI compliance documentation. If I can find a software that doesn't require this, I'll switch. In the meantime, a post-it note is nearby (though not stuck to the monitor). Dito for our banking software (that only allows deposits...no check writing allowed).

The human factor will always override the digitial factor.

Post #1408391

Barry Wright-268269

Posted Thursday, January 17, 2013 7:46 AM

Forum Newbie

Group: General Forum Members
Last Login: Tuesday, January 29, 2013 1:52 PM
Points: 6, Visits: 97

It seems to me that a big factor in this is just password fatigue. We have so many password "protecting" things from the very important like bank accounts and company data to trivial things like this forum, frankly, and other such stuff. Of course, some passwords are to protect the user and some are to protect the data provider. Personally, I am far less conscious about passwords when it is to protect the provider for knowledge bases, etc.

Post #1408427

Steve Jones - SSC Editor

Posted Thursday, January 17, 2013 8:12 AM

SSC-Dedicated

Group: Administrators
Last Login: Yesterday @ 1:47 PM
Points: 31,406, Visits: 13,722

bj_fentress (1/17/2013)

I use pwsafe on iOS. Syncs with my Password Safe syncs on laptop/desktop with Dropbox.

There's a few here: http://pwsafe.org/relatedprojects.shtml

Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help

Post #1408441

bj_fentress

Posted Thursday, January 17, 2013 8:14 AM

Forum Newbie

Group: General Forum Members
Last Login: Thursday, January 17, 2013 8:14 AM
Points: 4, Visits: 10

Awesome! I will check it out! Thanks!

Post #1408447

cksid

Posted Thursday, January 17, 2013 8:52 AM

Grasshopper

Group: General Forum Members
Last Login: Monday, May 13, 2013 9:42 AM
Points: 23, Visits: 196

1password from https://agilebits.com/onepassword. I have it on my work computer, home PC and desktop, android phone. And it is updated between all three computer automatically.

It will give you randomly generated password and is used directly in the browser (Firefox, Chrome and IE).

I've used it for the past three years. Supports PC, Mac, Android and IOS.

Post #1408473

« Prev Topic | Next Topic »

15 posts, Page 1 of 2

1 2 »»

Permissions