Identity Theft is the fastest growing crime in the US according to the FBI
 

Social Engineering: The Do’s & Don’ts

Written by OSAblog on Saturday, June 20th, 2009

Hackers and crackers use a proven technique called “social engineering” to determine the passwords you use to secure your computer. This technique is extremely effective and is based upon an analysis of your lifestyle. So when choosing a password, make it as difficult as possible for someone to make educated guesses about what you’ve chosen.

What Not to Use:

  • DON’T use your login name in any form (as-is, reversed, capitalized, etc.)
  • DON’T use your first or last name in any form.
  • DON’T use your spouse’s or child’s name.
  • DON’T use other information easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, the brand of your automobile, the name of the street you live on, etc.
  • DON’T use a password of all digits, or all the same letter. This significantly decreases the search time for a cracker.
  • DON’T use a word contained in (English or foreign language) dictionaries, spelling lists, or other lists of words.
  • DON’T use a password shorter than eight characters.

What to Use:

  • DO use a password with mixed-case alphabetics.
  • DO use a password with nonalphabetic characters, e.g., digits or punctuation.
  • DO use a password that is easy to remember, so you don’t have to write it down.
  • DO use a password that you can type quickly, without having to look at the keyboard.

We recommend you choose a line or two from a song or poem, and use the first letter of each word. For example, “The answer my friend is blowing in the wind…” becomes “Tamfibitw.”
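The two checklists above, turned into a checker and run against the song-line acronym, as an added example that is not part of the original article. The login name `jsmith` used in the checks and the tiny `SAMPLE_WORDS` list are constructed for illustration; a real check would use a full dictionary or wordlist.

```python
import re

# Constructed stand-in for a real dictionary/wordlist (assumption for this example).
SAMPLE_WORDS = {"password", "sunshine", "baseball", "football", "princess"}

def acronym(line):
    """First letter of each word, keeping the capitalisation of the line."""
    return "".join(w[0] for w in re.findall(r"[A-Za-z][A-Za-z']*", line))

def _norm(s):
    # Lower-case and drop punctuation so "in any form" comparisons are fair.
    return re.sub(r"[^a-z0-9]", "", s.lower())

def check_password(pw, login, personal=(), words=SAMPLE_WORDS):
    """Return the checklist rules that pw violates (empty list = passes)."""
    problems = []
    p = _norm(pw)
    # Login name or personal details: as-is, reversed, or in any capitalisation.
    for label, values in (("login name", [login]), ("personal info", personal)):
        for v in values:
            n = _norm(v)
            if n and (n in p or n[::-1] in p):
                problems.append(f"contains {label}")
                break
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if pw.isdigit():
        problems.append("all digits")
    if pw and len(set(pw.lower())) == 1:
        problems.append("all the same letter")
    if pw.lower() in words:
        problems.append("dictionary word")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("not mixed case")
    if pw.isalpha():
        problems.append("no nonalphabetic characters")
    return problems

if __name__ == "__main__":
    pw = acronym("The answer my friend is blowing in the wind…")
    print(pw, check_password(pw, "jsmith"))
    print(pw + "4!", check_password(pw + "4!", "jsmith"))
```

Taking the password as Tamfibitw without the sentence's closing period, the checker reports only the missing nonalphabetic character; adding a digit or punctuation mark satisfies every rule in both lists.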

If you feel like someone is trying to get details from you that they shouldn’t, end the conversation or change the topic.

Sean Bennett is Commercial Director at Orthus limited (http://www.orthus.com). Orthus is a leading provider of information risk professional services, helping organisations globally to measure, minimise and manage the information risks they face. Orthus provide end to end services for clients to comprehensively address risk in their environments including Insider Threats, addressing issues including data leakage, sabotage and fraud; External Threats (http://www.orthus.com/dr_overview.htm) including wireless security, penetration testing, virtualisation security, vulnerability management and Secure Software Development Life-Cycle; Supply Chain Threats including securing cloud services and data processed by third parties; and Legal and Regulatory challenges including Payment Card Industry (PCI) Data Security Standard (DSS).

Article Source: http://www.articlesbase.com/security-articles/social-engineering-the-dos-donts-981940.html
