If you stored your
fortune in a safe deposit box, you wouldn’t keep the key hanging on a hook
outside your house. The same should be true of your passwords: if you keep them
written on sticky notes at your desk, they’re not safe. But even if you don’t
write them down, there are many ways that someone might discover your
I look at some of
the ways your passwords might fall into the wrong hands, and give you tips on
keeping them safe. I also discuss recovering forgotten passwords, backing up
your passwords, and devising a plan to ensure that your passwords are available
in case of emergency.

In the previous chapter, we
discussed information security. After reading this chapter on information
privacy, you should realize that these concepts are very much related in
practice. Security is the protection of information against threats such as
unauthorized access to data, falsification of data, or denial of service. A
company can provide every security protection possible for your information
against these threats without necessarily having the intent of protecting the
confidentiality of your information. Thus, information privacy is different
than information security, even if these concepts are often used
interchangeably.

Technical protection is also referred
to as logical protection. A simple
way to recognize technical protection is that technical controls typically
involve a hardware or software process to operate. Let's start with technical
controls, which are also known as automated controls.

Technical protection may be
implemented by using a combination of mandatory controls, discretionary
controls, or role-based controls. Let's discuss each:
There are three broad categories of authentication:
something you know (usually a password); something you are (a unique,
measurable physical characteristic, such as a fingerprint or iris pattern); and something you have (a smart
card, token, or other device that can be identified uniquely—something I don’t
cover in this book).

Passwords provide a reasonably good way to protect access
to data and resources, but in some cases they may not be enough. After all,
passwords can be guessed, found, or stolen. So where greater security is
needed, you may want to use other forms of authentication instead of a
password—or, better yet, in addition to one.