Keeping and securing information

Once again, I was reminded of the importance of keeping, or remembering, your login credentials (the username and/or password).  Many times, with the ability to keep these in your software, such as automatically logging into Windows, or connecting with a VPN, a user will enter their credentials when a system is first setup, select the option to automatically use them, and promptly forget what they were.  Everything goes fine, until the day that you upgrade your PC, or have to re-setup your VPN.

With most of todays systems, although the username can usually be figured out, there is no way to retrieve the password.  The only option is to set a new password, and then change it in all of the other systems and applications that you use.  For example, for a Windows user, if the password needs to be changed to re-setup a VPN, then your email application will need to be updated with the new password, as well as your PC for it to be able to connect to your Windows server.  There may be other applications that would need to be changed, also.

While periodically changing your password is a good thing, Being forced to change it because of re-loading software seems to always come at the time that you are most busy, and do not want to take the time to change it in all the other places you are forced to.

Keep your username and password in a safe place, if you can not remember it.  Many times, I have seen customers systems with the root password (if it is a UNIX/Linux system), or the administrators password (if it is a Windows system), written down and taped to the console.  In cases like this, anyone can get in with the highest privileges, and have access to anything that is on the system.  If your system is stolen, or your cleaning service wants to get into your system, they can. Not to mention a disgruntled employee.

The best practice is to use username and password combinations that you can remember, so they do not have to be written down.  If they are written down (there should be a master list of credentials), they should be kept in a secure place.

Leave a Reply