LandzDown Forum

Hi Brynn!

Having a limited user account activated when connected to the internet is an extremely intelligent practise.
It's possible to manage activities that needs a higher priority e.g. if one uses the "Run As" command under the Start-meny.

It's powerful as an extra layer of defense if someone manage to sneak into your computer from the internet.
That someone will be granted the same authorities as the account that your using and therefor a strongly limited account is a smart practise.

In the same time it's important that (at least) the administrator account is protected by a strong password with both capital and noncapital letters, numbers and special signs like for instance !"#¤%&],?[ etc.

Strong passwords are not to hard to remember if you use the first letters/numbers/signs in a sentence that makes sence to yourself.
An example could be: So happy to be the number one Salesman, and for having a 20% raise.
Password: Sh2btNo1S,&4ha20%r

There are specific programs available on the net when someone wants to find out which password is being used, and the time it takes to find it out depends on the complexity of the password, i.e. how many combinations that has to be tested.
A good strong password may take days or even weeks to find out, depending on the equipment that are being used by the offender.

A PC with Windows 2000 or XP without SP2 installed has as a default even an administrator account with a blank password.
How many nano-seconds it takes to take over such a computer, once your inside, is not to hard to guess.

Jason

i agree with the strong admin password and suggest that you make a password rescue disk !

http://members.accessbee.com/mitch/small_documents/XPRecoveryDisk.html

and keep it in a secure area !!!!!!!!!

(note: from the "phantom finds" area of my site

Off topic a bit, but while speaking of passwords, how many people use the same password for their email, banking, forum memberhips, etc.?  I hope no one does.  Using something along the lines of Jason's tip, I use a different password for each forum that I belong to (and that is quite a few!).  Of course I use a stronger passy for online bank access and a different one for email.  Hey, ya never know.

Oh geez!  A friend of mine, with whom I'm trying to build a website, uses the same username and password for EVERYthing.  And it's such a simple password, I'm surprised she hasn't been attacked yet.  I'm just glad that all the admin powers for the "site" are under my email address and password!

Thanks again, everyone.

I use all different passwords but I am surprised I remember them all.

At work I regularly undertake the auditing of passwords using commercial and freeware password "recovery" tools (please don't ask me to name them, I am not in the business of defeating security measures) and over the years two factors have become startingly apparent:

• The time taken to "brute force" passwords has dropped alarmingly with the increase in processor power
• My users will continue to defy policy and use dictionary based passwords like "rover" and "man_united" if they think that they can get away with it

As a result we have instituted smartcard (two factor) authentication for logging on to the corporate network but I fear for their safety when the users are doing their online banking from their home machines, there is a wealth of information available on how to construct a secure password - in addition to mitch's opus work sites such as http://its.med.yale.edu/security/pswd.html are easy to read and understand - and they should be compulsory reading for anybody who connects a machine to the 'net.