elistaka christeinah rangla

0 views
Skip to first unread message

Do Kieu

unread,
Aug 2, 2024, 7:59:40 AM8/2/24
to synchninsfessie

Essential part of the job so all the more reason to use a trustworthy
IT guy (or gal) The IT tech can be privy to some sensitive and/or
private information and has to remain private - been in the job 14
years now and my customers know their data is safe with me

jcauthorn suggested that it is mandatory for people to share account credentials with a spouse to access a shared account. If that is the case you should look for another bank. It should be easy for them to provide separate ATM cards and web and phone banking logins that both access the same joint bank account.

In the school district I support we used shared class accounts for our very youngest students who had difficulty entering and remembering an individual username and password. I never agreed with the practice, but it was standard and I believe many school districts still do it. We now have individual usernames along with a standard password based on a formula for easier teacher intervention.

Hank, did you forget anything about service-account and the functional ones (test included)?
All non-personal accounts. In fact the sharing of service/functional accounts are the ones often seen with data-breaches.

In such circumstances trust factor plays a vital role. If you have to share the account with your office colleague or a client for a project, you both should have confidence and share trust in-between each other in order to share the credentials.

May be a kind of verbal or online training will help them know the technology, where it is heading, what are the factors which are hindering its growth and other issues. This will help them in enforcing the security measures and reaping the benefits.

#1. Password reuse - Research from an Internet Security company revealed that 75% of the individuals use the same passwords for desktop authentication, emails, and social networking. This dubious habit goes against password best practices because if even one of your accounts gets exposed, it can compromise the security of all your other accounts and data.

#2. Privileged access misuse - A global IT security survey on Privileged Account Security and Compliance cites that 51% of organizations share privileged account passwords with users. Sharing privileged account credentials puts organizational security at risk by exposing customer data, financial data, and employee personal details to unauthorized users.

#3. Remember me/auto save - We live in a world where we use the Internet to carry out our day-to-day activities. Memorizing all the user accounts and cryptic passwords is complex. Thats why we let password managers in the various applications remember our passwords for us. A few shortcuts here and there cant hurt, right? Wrong! One data breach can easily feed another (i.e. sharing our desktop or email password with others can open the gates to all these accounts and the floodgates of IT security issues).

#4. Single sign-on - Single sign-on is common across the IT ecosystem. In many organizations, employees desktop user credentials provide access to various resources and applications in the organization. Likewise, Facebook or email accounts can allow you to access other websites and online resources. Sharing any one of these passwords with others practically gives them free access to bypass security to all your other applications and websites.

#5. Bring Your Own Device (BYOD) - Its the age of the mobile worker. An article in the October, 2014, Information Week cited that by 2015, 37.2% of the workforce will be mobile. And here we are. With BYOD on the rise, sharing your mobile passwords with friends and colleagues might allow them to access your organizations confidential information.

#6. Cloud computing - Cloud computing brings numerous advantages to the table like lower costs, increased productivity, faster turn-around time (TAT), etc. It puts businesses sensitive information at risk when user accounts and passwords are hacked or shared. Sharing your Cloud services password with your colleague might land your organizations confidential data on your competitors desk.

#7. Insecure networks - A 3rd-party market research firms study shows that 46% of employees admitted to transferring files between work and personal computers when working from home. Sharing your login information with colleagues might disclose your passwords to insecure home networks that are easily prone to phishing and malicious attacks.

The admin and security admin part of me cringes at this; however, I have been guilty of it in the past, when I needed to actually be productive and the security red tape was taking too long. I understand the security implications, but I also understand the need. Having said that, if there are fast and easy processes in place to get access as required, then access should never be shared.

Case 2: A public FTP server with secure login. There are situations where you would like to provide the public with access to a download resource but you do not want to deal with every indexer and bandwidth hog out there. So, you create a public FTP server but only supply account credentials to those who request it.

Case 3: An executive using a shared email/calendar account. In this case an executive may have an assistant who reads and even responds to some email for their employer as well as managing the executives appointments via a calendar service.

One of the most basic security mistakes out there is sharing account credentials and passwords. A new study finds many users are guilty of it and plenty dont even realize its a security risk.
An IS Decisions report, dramatically titled From Brutus to Snowden: Anatomy of an Insider Threat, polled users in the United States and UK on their habits around sharing credentials.

51% said they never share passwords or log-in details
23% said they shared with one or more co-worker
10% shared with a manager
10% indicated they shared them when required, and
7% said they shared them with IT.
So while only 23% of users wanted to admit to sharing passwords, plenty of others saw situations where they felt like they had to share account log-ins.

I have a similar scenario, receiving a notification on my iPhone that approx 80 of my username/passwords are the subject of a data breach. However many of my passwords on this notification are different. Ie, not the same password across all sites. I often use a similar password but with different letters or numbers at the end.

I can understand the concept of, say, a retailers website getting hacked and suffering a data breach that contains a list of all its customers including my email and password. And I get that as a precaution Apple may notify me about a potential breach for any other websites where I may have the same email & password combination. But why would I be notified of many other passwords being at risk? Is it because they may contain 'part' of the same password? But that still doesn't explain the notifications relating to my wife and sons passwords which are nothing like mine.

i bought an iphone 8 plus on ebay and right when i was signing in to all my accounts that i used before it always says its been in a data leak, i want to know if this is from me buying an iphone from ebay or if its just like those scam phone calls you get when they ask for your credit card information.

Clearly 1 causes me great concern but 2 would seem reasonable, in that there will be numerous people worldwide that would randomly choose the same 5 figure number, of which some poor sole has had their data breached.

Re-use a password, and some miscreant will now have access to that service, and whatever additional access can be gained from there. Access ro an Apple,ID (and particularly one without two-factor enabled) is a Bad Day for the account holder, too.

But to keep passwords for every websites is insane. How can we remember those passwords? If this is the solution then it sucks. Normal people can't remember each and every password (now you will tell that you don't have to remember the password but instead your phone or computer will do it. Unfortunately, Life is not that simple.

All of these work the same way. They store your passwords using strong encryption, and you only have to remember one password for the app itself to find any password and have it entered automatically into the website or app.

haveibeenpwned contacts multiple famous services such as wattpad and mathway, etc to see if they have been exposed to hackers and accounts have been sold or leaked, and might also confirm that your email or phone-number is part of that list.

Contrastingly Apple's Keychain services use a different method. Like many VPN services like NordVPN, Keychain actually references many deep web links to compromised accounts and immediately contacts the owner. Quote:

I use Roku which guests put in their own password when they check in. This system has never been a problem.
I was not aware that Netflix had a Guest option.
My concern using my own password is guests buying movies, etc. that I have read about. That has the potential to cause a huge bill with renting fees.
Bettye6

90f70e40cf
Reply all
Reply to author
Forward
0 new messages