I'm surprised that your organisation views your "current (easily guessable)
Username protocol" as a weakness. Usernames are rarely cited as being a
problem in security incidents - and in any case your systems will carry
around very sensitive usernames, eg. "root", which you cannot change. A
determined hacker would simply crack hat and then would have access to
*everything*.
The real problem is poor password practice. Users need to be educated into
using sensible "strong" passwords, which they change frequently, and don't
write on Post-It notes which they stick to their monitor or leave in the top
drawer of their desk (sometimes helpfully labelled "Password"!!!).
Like other correspondents I am certain that there is good reason why NI
numbers shouldn't be used, but I can't recall it at the moment. Personally I
would object strongly to using my NI number as a user-id - identity theft is
a real and growing problem.
Stuart Cashmore
Information Security Manager
McKesson
1 Nine Elms Lane
LONDON
SW8 5RR
Tel +44 (0)20 7819 5083 (with Voicemail)
Fax +44 (0)20 7819 5100
Mob +44 (0)7799 790019
e-mail [log in to unmask]
----------------------------------------------------------------------------
The information contained in this e-mail is confidential and is intended
only for the named recipient(s). If you are not the intended recipient you
must not copy, distribute, or take any action or reliance on it.
If you have received this e-mail in error, please notify the sender.
Any unauthorised disclosure of the information contained in this e-mail
is strictly prohibited.
----------------------------------------------------------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|