Serious Security


Steve Jones
Comments posted to this topic are about the item Serious Security

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
SQLRNNR
I think that security is the duty of all involved from end-user to developer. However, one thing to consider in the economics of security is the annoyance and cost of too much security. There is a balance and going overboard will likely drive a bunch of users away.



Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server, MVP


SQL RNNR

Posting Performance Based Questions - Gail Shaw

call.copse
I work with one client which has so many layers of security and training to access their network, it has taken me 2 days on occasion to even gain access to what I need. There's education and online training, dire warnings of consequences of misuse, etc.

Unfortunately the effect is that people tend to quietly share account details simply to get the job done. I guess it's a tricky balance. I'm pretty disciplined but probably even then, I know, not as rigorous as I might be.
D.Oc
I use KeePass for storing my passwords; it is the only way to remember them all.
For example, the password for my Gmail account is 56 characters long and I'm changing it every 2 months.
I use shorter passwords for forums; it's all about priorities.

-------------------------------------------------------------
"It takes 15 minutes to learn the game and a lifetime to master"
"Share your knowledge. It's a way to achieve immortality."

bj_fentress
Hey Steve,

Great post on security! I do use password safe here at work religiously, but I was curious if there was something out there that does the same thing on a mobile device (i.e. iDevice, Droid, etc.)? Does anyone know the good ones from the crapware out there?

Thanks!
B.J. Fentress
@bjfentress
thisisfutile
We have a credit card application that requires password complexity and that it be changed every 90 days, and I imagine all of them are required to do this because of regulations deep in the bowels of the PCI compliance documentation. If I can find a software that doesn't require this, I'll switch. In the meantime, a post-it note is nearby (though not stuck to the monitor). Ditto for our banking software (that only allows deposits...no check writing allowed).

The human factor will always override the digital factor.
Barry Wright-268269
It seems to me that a big factor in this is just password fatigue. We have so many passwords "protecting" things, from the very important like bank accounts and company data to trivial things like this forum, frankly, and other such stuff. Of course, some passwords are to protect the user and some are to protect the data provider. Personally, I am far less conscious about passwords when it is to protect the provider for knowledge bases, etc.
Steve Jones
bj_fentress (1/17/2013)
Hey Steve,

Great post on security! I do use password safe here at work religiously, but I was curious if there was something out there that does the same thing on a mobile device (i.e. iDevice, Droid, etc.)? Does anyone know the good ones from the crapware out there?

Thanks!
B.J. Fentress
@bjfentress


I use pwsafe on iOS. Syncs with my Password Safe on laptop/desktop with Dropbox.

There's a few here: http://pwsafe.org/relatedprojects.shtml

bj_fentress
Awesome! I will check it out! Thanks!
cksid
1Password from https://agilebits.com/onepassword. I have it on my work computer, home PC and desktop, Android phone. And it is updated between all three computers automatically.

It will give you a randomly generated password and is used directly in the browser (Firefox, Chrome and IE).

I've used it for the past three years. Supports PC, Mac, Android and iOS.