Sign up for our Technology Newsletter 
Is Changing Your Password Often A Good Idea?
Comments Off on Is Changing Your Password Often A Good Idea?
Carnegie Mellon University professor Lorrie Cranor, who is the US FTC’s technology guru, has debunked a myth that it is a good idea to change your password often.
Talking to Ars Technica she said that while frequent password changes can lock hackers out they make make security worse.
She told the BSides security conference in Las Vegas that frequent password changes do little to improve security and very possibly make security worse by encouraging the use of passwords that are more susceptible to cracking.
A study published in 2010 by researchers from the University of North Carolina at Chapel Hill more or less confirmed her views. The researchers obtained the cryptographic hashes to 10,000 expired accounts that once belonged to university employees, faculty, or students who had been required to change their passcodes every three months. Researchers received data not only for the last password used but also for passwords that had been changed over time.
By studying the data, the researchers identified common techniques account holders used when they were required to change passwords. A password like “tarheels#1″, for instance (excluding the quotation marks) frequently became “tArheels#1″ after the first change, “taRheels#1″ on the second change and so on. Or it might be changed to “tarheels#11″ on the first change and “tarheels#111″ on the second. Another common technique was to substitute a digit to make it “tarheels#2″, “tarheels#3″, and so on.
“The UNC researchers said if people have to change their passwords every 90 days, they tend to use a pattern and they do what we call a transformation. They take their old passwords, they change it in some small way, and they come up with a new password.”
The researchers used the transformations they uncovered to develop algorithms that could predict changes with great accuracy.
A separate study from researchers at Carleton University showed that frequent password changes hamper attackers only minimally and probably not enough to offset the inconvenience to end users.
Courtesy-Fud
Office 365 Goes Yammer
June 21, 2013 by admin
Filed under Around The Net
Comments Off on Office 365 Goes Yammer
Microsoft has taken the first step in its integration roadmap for SharePoint and Yammer, allowing Office 365 customers to swap SharePoint Online’s activity stream with Yammer’s.
This first, modest integration point will let SharePoint Online users click on the Yammer link and launch a separate browser window where they’re asked to sign in.
Later this year, Microsoft will deepen the integration with a single sign-on and the addition of Yammer to the main Office 365 interface, which will begin to merge the two products’ user experience.
Next month, Microsoft will release a Yammer application for SharePoint that will let users embed a Yammer group feed into a SharePoint site. The application will work both with SharePoint Online and with the on-premises version of the server SharePoint 2013.
Also in July, Microsoft will provide instructions for replacing the SharePoint 2013 newsfeed with Yammer’s.
For now, the first integration step in optional, but Microsoft is strongly suggesting that Office 365 customers make the activity stream switch to Yammer.
“Our recommendation is to use Yammer, since it’s our big bet for enterprise social, and we’re committed to making it the underlying social layer for all our products,” wrote Christophe Fiessinger, a Microsoft Office Division product marketing manager, in a blog post.
Customers should also accompany the technical change with an outreach effort to promote the benefits of using the enterprise social networking features of Yammer, according to Fiessinger.
“To drive adoption and really get the value out of Yammer, you need a strategy, advocates, and openness to the way it will transform the way people in your organization work and communicate,” he wrote.
Microsoft bought Yammer for $1.2 billion in mid-2012 in order to boost the development and availability of enterprise social collaboration features in SharePoint and in other Office and Microsoft business software like the Dynamics applications.
Microsoft makes a convincing case for the benefits of integrating Yammer with SharePoint and its other software to provide a common social collaboration layer, but the process is clearly complicated and will take years.
Passwords Continue As The Weakest Link
Comments Off on Passwords Continue As The Weakest Link
Passwords aren’t the only failure point in many recent widely publicized intrusions by hackers.
But passwords played a part in the perfect storm of users, service providers and technology failures that can result in epic network disasters. Password-based security mechanisms — which can be cracked, reset and socially engineered — no longer suffice in the era of cloud computing.
The problem is this: The more complex a password is, the harder it is to guess and the more secure it is. But the more complex a password is, the more likely it is to be written down or otherwise stored in an easily accessible location, and therefore the less secure it is. And the killer corollary: If a password is stolen, its relative simplicity or complexity becomes irrelevant.
Password security is the common cold of our technological age, a persistent problem that we can’t seem to solve. The technologies that promised to reduce our dependence on passwords — biometrics, smart cards, key fobs, tokens — have all thus far fallen short in terms of cost, reliability or other attributes. And yet, as ongoing news reports about password breaches show, password management is now more important than ever.
All of which makes password management a nightmare for IT shops. “IT faces competing interests,” says Forrester analyst Eve Maler. “They want to be compliant and secure, but they also want to be fast and expedient when it comes to synchronizing user accounts.”