{"id":1363,"date":"2017-11-07T11:12:56","date_gmt":"2017-11-07T10:12:56","guid":{"rendered":"https:\/\/www.digilabitalia.com\/?p=1363\/"},"modified":"2022-12-21T22:11:13","modified_gmt":"2022-12-21T21:11:13","slug":"password-security-in-the-company-starts-at-home","status":"publish","type":"post","link":"https:\/\/www.digilabitalia.com\/en\/password-security-in-the-company-starts-at-home\/","title":{"rendered":"Password security in the company starts at home"},"content":{"rendered":"<p>An everyday situation at work: A new application requires a new user to be created and a password assigned. A few weeks later, the password expires and has to be replaced \u2013 and of course the new one has to be super cryptic. Who can remember all of this? Wouldn\u2019t it be better to have a single password for all applications and other uses, eliminating the password dilemma \u2026? Not in the least!<\/p>\n<p><!--more--><\/p>\n<p>This problem is certainly widespread and I estimate that it is \u201cnormal\u201d in at least 90% of all companies for a single password to be used for everything. \u201cThe security requirements are to blame!\u201d is the frequent response to critical enquiries. But perhaps you should first take a good look at yourself and ask yourself \u201cAm I a little lazy?\u201d. I know it doesn\u2019t sound nice, but convenient laziness is certainly often the main reason for such negligence.<\/p>\n<h4>Approach<\/h4>\n<p>Let\u2019s move our focus from work to private life and ask ourselves how different user names and passwords are handled at home. The situation there is the same, but here there are probably more accounts than at work: Wi-Fi password, streaming service, online shopping, and there is also an e-mail password, not to forget your smartphone, and so on, and so forth, there is no end to it. Let\u2019s start a little trial, in which everyone can participate. 
All you need to do is write something down, paper and pen are quite sufficient for this.<\/p>\n<h4>Work vs. private<\/h4>\n<p>One column on the sheet of paper is labelled \u201cwork\u201d and a second is labelled \u201cprivate\u201d. In the respective columns, write down each application, all access data and other accounts. This provides a quick overview, allowing you to see who the \u201cwinner\u201d is. For me it was clearly \u201cprivate\u201d: this column didn\u2019t just contain twice as many entries as \u201cwork\u201d, but around six times as many \u2013 and that was only what occurred to me at the time. This little game has shown me that the amount of access data in the private environment is significantly higher than at the company.<br \/>\nA quick question: How do you handle your private access data? Is your motto for this also \u201cone password for everything\u201d? If so, it\u2019s time to change that! Yes, this is at the expense of convenience, but do you not care whether the access data is cheaply sold on underground forums and misused? 
If this does indeed matter to you, by now you might at least want to think about how to handle the proliferation of passwords.<\/p>\n<h4>Paper and\/or digital?<\/h4>\n<p>The choice is simple because only two methods are available for the permanent storage of access data: the classic approach with pen and paper or the digital solution with a password manager.<\/p>\n<div id=\"attachment_1358\" style=\"width: 410px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-1358\" class=\"size-medium wp-image-1358\" src=\"https:\/\/www.digilabitalia.com\/wp-content\/uploads\/2017\/10\/open-notebook-2542526_1920-400x265.jpg\" alt=\"Notebook\" width=\"400\" height=\"265\" srcset=\"https:\/\/www.digilabitalia.com\/wp-content\/uploads\/2017\/10\/open-notebook-2542526_1920-400x265.jpg 400w, https:\/\/www.digilabitalia.com\/wp-content\/uploads\/2017\/10\/open-notebook-2542526_1920-768x508.jpg 768w, https:\/\/www.digilabitalia.com\/wp-content\/uploads\/2017\/10\/open-notebook-2542526_1920-1024x678.jpg 1024w, https:\/\/www.digilabitalia.com\/wp-content\/uploads\/2017\/10\/open-notebook-2542526_1920-300x200.jpg 300w, https:\/\/www.digilabitalia.com\/wp-content\/uploads\/2017\/10\/open-notebook-2542526_1920.jpg 1920w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><p id=\"caption-attachment-1358\" class=\"wp-caption-text\">Offline Notebook<\/p><\/div>\n<p>The paper solution has its own charm. An address book with an alphabetic index is definitely worthwhile. Someone deliberately breaking in to steal the address book belongs to the realm of spy films and thrillers. The biggest advantage of the paper method is clear: since nothing is digital, nothing can be digitally stolen. The biggest drawback, however, is the effort. 
With cryptic passwords, the fun factor is certainly lacking when you have to record 30 characters with upper \/ lower case letters and special characters by hand.<\/p>\n<h4>Digital Password Safe<\/h4>\n<p>And what about the digital solution? <a href=\"https:\/\/www.keepass.info\/\">KeePass Password Safe<\/a>\u00a0is the most widely used password manager, and manages access data locally on your own device. I do not recommend cloud password safes, because the terms cloud and safe don&#8217;t go together. However, opinions differ. I want my data to stay with me; therefore my first choice is KeePass.<\/p>\n<div id=\"attachment_1360\" style=\"width: 410px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-1360\" class=\"size-medium wp-image-1360\" src=\"https:\/\/www.digilabitalia.com\/wp-content\/uploads\/2017\/10\/main_big-400x306.png\" alt=\"\" width=\"400\" height=\"306\" srcset=\"https:\/\/www.digilabitalia.com\/wp-content\/uploads\/2017\/10\/main_big-400x306.png 400w, https:\/\/www.digilabitalia.com\/wp-content\/uploads\/2017\/10\/main_big.png 615w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><p id=\"caption-attachment-1360\" class=\"wp-caption-text\">KeePass Screenshot<\/p><\/div>\n<p>KeePass leaves you no excuses for using a single password for all access data in the private environment. Thanks to the integrated password generator, cryptic and long passwords are also possible. The principle is quite simple: passwords only have to be changed once everywhere, and from then on, only one password needs to be memorized, the one for KeePass! And that is not a problem \u2013 just write it down and the symbiosis between paper and digital is complete. But then please do not attach the Post-it note to your screen; something a little more imaginative is worth considering.<br \/>\nSo far so good, or somehow not quite? KeePass secures access to your own password database with a single password. 
Hmm, but which should you use, you may ask yourself. My answer would be that it must definitely be one that has not yet been used, and which is stored on paper for security reasons. \u201cAnd what if my computer is infected?\u201d, might be your next question. Well \u2026 there is no such thing as complete security.<\/p>\n<h4>The circle is complete<\/h4>\n<p>Since everything at home is now clearly and simply regulated (yes, yes, unfortunately at the expense of comfort!), why not also implement the whole thing at work now? Well, you can, because KeePass does not have to be installed! There is a portable version and therefore everyone can use their own password safe at work without the need for admin access. What you learnt in a private environment is thus also easily applicable in the workplace. I can recommend this in any case, and with the \u201cfew\u201d access data my official KeePass database looks quite empty, unlike my private one.<\/p>\n<h4>Use IT!<\/h4>\n<p>Many employers probably already provide a password management solution and require you to use it \u2013 so use it! If everything is already set up, what could be easier than using existing applications and thus existing internal knowledge? So don\u2019t be frightened, go to KeePass and start administering your access data. Have fun!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An everyday situation at work: A new application requires a new user to be created and a password assigned. 
A [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1357,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[24],"tags":[46,104],"class_list":["post-1363","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-password","tag-unternehmen-en"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.digilabitalia.com\/en\/wp-json\/wp\/v2\/posts\/1363","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.digilabitalia.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.digilabitalia.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.digilabitalia.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.digilabitalia.com\/en\/wp-json\/wp\/v2\/comments?post=1363"}],"version-history":[{"count":0,"href":"https:\/\/www.digilabitalia.com\/en\/wp-json\/wp\/v2\/posts\/1363\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.digilabitalia.com\/en\/wp-json\/wp\/v2\/media\/1357"}],"wp:attachment":[{"href":"https:\/\/www.digilabitalia.com\/en\/wp-json\/wp\/v2\/media?parent=1363"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.digilabitalia.com\/en\/wp-json\/wp\/v2\/categories?post=1363"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.digilabitalia.com\/en\/wp-json\/wp\/v2\/tags?post=1363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}