Home » Posts tagged "TED"

Tag Archives: TED

Password Security

Posted on by Posted in Editorial 3 Comments

An article in the Metro newspaper I picked up on the tube recently once again made the point about just how easy it is to hack most peoples web accounts.

I know this is true because, even though I know better, a little over a year ago I was sharing a password between multiple sites and my Apple ID got hacked. They got £30 of gift vouchers and Apple didn’t refund the money – I got away lightly – a friend lost over £100!

But it’s not just the financial loss, you could well be putting your friends and colleagues at risk too! If your Facebook/LinkedIn/Hotmail account is hacked then this can be used to post to your friends – “visit this site” or “open this document” and because it comes from you, someone they trust, they open it – but this installs a virus or a trojan and their credit card is stolen and their details are exploited – and it is partly your fault.

So what to do? Well the first thing to do is make sure every and every site you use has a different and difficult password. Here is an example of the type of thing I mean:

/hFh=e5FvXx9-85YTeH6-Q5hq:-S<9

and I have over 350 logins to deal with!

This is not as difficult as you might think. I use a password management application. In my case it is mSecure but this there are plenty out there to choose from (see a list at the bottom of this page). Most of the packages offer a desktop and smart phone version and allow you to sync them up (which you should do regularly).

Typically you fill in four fields; A description e.g. the site name, the URL of the site, your username and your password. One of the main features here is that the app can generate a password for you. My default password setting is for a generated password to be 30 characters long with a mixture of upper and lower case characters, numbers and special characters, just like the one above. When you need to use this password you can just cut and paste it from the app into the password field of the website and not have to worry about typing it all out.

When I started using a password manager I made sure that for a couple of weeks every time I went to a website that it was in the password manager – very quickly I had done the majority of the sites that I use – but I still keep finding the odd one that I haven’t changed yet.

Of course this is not perfect – you now have all your passwords in one place and you could lose you phone etc. so here are some of the other things that you need to do to make it secure

  • Make sure that the app you use autolocks after a short time
  • Make sure you set a secure (memorable) password for the application
  • Make sure your telephone locks after a short time
  • Do not use your credit card pin for your phone pin
  • Do not use your alarm system pin for you phone pin
  • Enable the ‘Find My Phone’ and  ‘Remote Wipe’ features if your smart phone has one (e.g. Apple)
  • Use a ‘wrong’ answer for popular reminder questions –  What is your mothers maiden name? slartibartfast – why because the real answer is a matter of public record
  • Don’t use pattern pins and passwords e.g. 0000, 1234, 2580, etc.
  • Don’t use familiar words – family member names, car registrations, telephone numbers, etc.
  • Change your passwords periodically

Some other considerations:

  • Do not use your work email address for any personal transactions – setup one specifically for this with someone like Google – but make sure it is someone you feel you can trust.
  • Setup the recover password options on your private email just in case it gets hacked
  • Make sure that your e-mail password is really secure – if I can use your e-mail I can then visit other websites and reset your password by asking the website to send me a new one because I have forgotten the old one.
  • Avoid saving your contacts and credit card details – you might keep them on sites you use regularly but many sites you will only ever use once and they don’t need to have this information
  • When making transactions on the web make sure you use secure sites (i.e. with https:) wherever possible.
  • When you get rid of a computer or smart phone make sure you wipe it – check with someone if you are not sure how to do this
  • Make sure that social networking accounts are set up for privacy and are secured as much as possible
  • If the site offers Two Factor Authentication – use it!  e.g. PayPal lets you log in but before you can see any information it sends you a text with a four digit pin number in it. Only once you have entered your username, password and the pin will it let you see any information
  • Don’t save passwords on computers – or if you do only save passwords on computers you own and preferably that need a password to log into as well. Be aware that when using a public computer or a friend or colleauges computer that they may have set it up to automatically save passwords without prompting you.
  • Shred any paperwork you would put in the bin – especially printouts from your on-line shopping

So there it is – just a start to making life a little more secure – there is much more that can be done but life is a balance of the risk against the convenience and despite everything that is said about protecting yourself very few of the people do even the most basic things.

And if you are wondering what that has to do with Data Management & Warehousing – the answer is very little but I constantly seem to be asked about this by friends or receiving e-mails from friends where there account has been hacked! You might also like this article about Facebook – An Introduction To Social Network Data. If you are interested in Business Intelligence, Management Information and Data Warehousing feel free to look around.

What the future might hold …

And what xkcd.com makes of it all

Other Password Managers

Here are some password management applications I am aware of – I’ve not tried them (other than mSecure) so this is not an endorsement of any of them

When you are looking for a password management application check that:

  • It stores the data in an encrypted format
  • Does not share any data with their website
  • Automatically locks the application after a short time
  • Requires a separate password to use the application
  • Can sync between your desktop and smart phone if you have one
  • Is downloaded from a reputable source (e.g. the Apple App Store)
  • Check that the app has an autowipe feature if the password is entered incorrectly too many times

The project wiki – a cost reduction tool

Posted on by Posted in Editorial Leave a comment

Some readers will be familiar with TED: Ideas Worth Spreading a series of talks on just about everything worthwhile in Technology, Education and Design. I recently revisited Yochai Benklers talk on the new open-source economics from 2005 where he explains how collaborative projects like Wikipedia and Linux represent the next stage of human organisation.

The principle discussed is one it is more productive for a large number of people to work collaboratively on producing content than it is for a single individual to do so.

In Business Intelligence projects there are a number of formal documents that need to be produced to satisfy constraints external to the project (e.g. company business processes). Data Warehousing projects often fail to satisfy two masters, firstly failing to record information and knowledge pertinent to the on-going success of the project and secondly producing too many ‘formal’ documents that are time consumingly produced by key individuals but of little value to the project itself.

Data Management & Warehousing, my company, uses something called Project Services that combines TracSVN and the ideas of the Data Warehouse Documentation Roadmap to combine a Wiki, Version Control, Ticketing and Project/Team Website. Bringing these together and using them optimally is a micro-example of the concepts in Yochai Benklers talk.

A data warehouse team can quickly and efficiently build wiki pages that record much, if not all of the information that is internal to the project. This can include the business definition dictionary, various pieces of the requirements, architecture, analysis, standards and definitions, etc. What is more in this environment it is possible to have links between wiki pages and documents and between wiki pages and the source code itself. This means that users of the system can quickly and intuitively navigate through information and, where there is missing information or inaccuracies they can fix it themselves. In the case of project services there is also a ticketing system for task, risk, issue, enhancement tracking built in to complete the project management and governance aspects. Because this approach makes it easier for users they are more willing to contribute to the overall solution and to follow the required processes.

Implementing and using a tool such as project services is key to creating a BI-on-Rails solution because whilst the strict version control and issue management can be enforced it also allows agile processes to work and strong internal communications within the team.

This article was originally published on BIonRails, another Data Management & Warehousing website