By Roger Dube
Rochester Business Journal
August 6, 2010
We've all read the news items: Someone's identity is stolen, bank
accounts emptied and credit cards used to make thousands of dollars'
worth of phony purchases. Individuals no longer are the prime targets of
such attacks, however. The Wall Street Journal has reported that a
growing number of small businesses are losing large sums of money
through attacks on their online banking accounts. A recent IT security
report indicated that losses of small businesses to such attacks this
year will exceed $3.8 billion.
Gaining access to accounts and information requires the attacker to
somehow get past the defenses erected around the target-a computer or
network of computers. In the final analysis, encryption algorithms
protect these systems. These encryption algorithms must be unlocked by
the use of proper credentials. Different systems require different
credentials, but the simplest ones (and likely the majority of them) use
Properly constructed passwords employ at least two lower-case
characters, two upper-case characters, two numbers that are not at the
beginning or end of the password and two special characters. These often
are difficult to remember, and users today are required not only to use
several of these complex passwords but to change them frequently to
protect against theft.
Unfortunately, people are not designed to be able to memorize long
sequences of random characters. As a result, people usually create
passwords they can remember easily-and these passwords become the
weakest link in a computer's security system. Attackers know this, and
they always attack the weakest link.
Visit InfoSec News!