Dear All
Well, what can I say?! I don't think I'll be using NI numbers for
Usernames then!!!
Thanks for all your responses - I never dreamt I'd stir up so much interest.
The reason for our concern here is that our username is the same as our
email alias and our details are also on the web (don't worry - we asked
permission first), my IT guy's worry is copied below (when asked if he
agreed with some suggestions that Username security did'nt matter):
"no. In order to get access as me you need both my username and password.
The one is useless without the other. With my email address, my photo and
my name on the web site my username is going to be well easy to work out.
Then all you have to do is use a dictionary attack to get my password.
Only a matter of time."
I now think the real security issue is the use of real names and then
numbers as passwords(eg name of your cat + 1,2,3,4 depending on how many
times you have had to 'change' it) as these can be hacked in a matter of
minutes.
Staff always moan at having to change their passowrds regularly - and
personally I have sympathy as we have to retain so many passwords in our
heads it gets very confusing if they all change on a semi regular basis
Anyway, thanks again for all your comments and advice
Paula
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|