Last weekend, Microsoft reversed its long-time recommendation that passwords should expire every few months. If your company has this policy, you know that people don’t really change their passwords. They use derivatives of the same password that are only different enough to fool Microsoft’s password history rules:

ThisIsMyPassw0rd
This1sMyPassw0rd1
Th1s1sMyPassw0rd3%
Th1s1sMyP@ssw0rd72

The reversal speaks to a new school of thought regarding security. Instead of short, complicated passwords that are impossible for most people to remember, long passwords are preferred.
In my last post about email security, I talked about why you should have strong passwords, especially for your email accounts, but I didn’t address how. Here are some rules of thumb to help you secure your digital world.

1. Use a password manager

There is a trove of password managers available. The most popular are 1Password, LastPass, and Dashlane. 1Password is my favorite. The company provides a robust product that integrates seamlessly with every OS (including Linux) and web browser.
We all have long and unique passwords for all of our internet accounts, right? Not according to the list of the most common passwords for 2018 with “123456” and “password” topping the list. Sure, some of those might be old accounts that aren’t important, or are they? Besides a password manager, your email password is the most important password that you have; more important than your bank and financial account passwords.
TL;DR: Always use two-factor authentication and add the phone numbers to your contacts.

Two-factor authentication (2FA), or 2-Step Verification, has become ubiquitous, and for good reason. It adds a critical layer of security in the place where we are most vulnerable: internet accounts. Despite countless warnings and horror stories, people still use amazingly simple passwords, including “password”. By requiring something that we have (e.g. a cell phone) in addition to something that we know (a password), two-factor authentication reduces our reliance on a single mode of authentication.
TL;DR: I hacked the Falcon sensor installer for macOS to include the licensing information.

After much research and deliberation, I decided to move from Avast to CrowdStrike Falcon for endpoint antivirus protection. The CrowdStrike platform offers increased control, visibility, and protection, as well as humans on the back end to make sure that nothing slips through the cracks. I am in the process of deployment, and while it’s relatively easy to install the sensor on Windows workstations using group policies, Macs are not so easy.
In the past, I have avoided New Year’s resolutions because I preferred to have smaller goals throughout the year. Plus, there is plenty of evidence that creating resolutions around the holidays doesn’t work. Not only did I make a list of resolutions/goals last year, but I came up with a system to remember them and follow through.

Start with a list

I started by brainstorming a list of things that I could improve on.
Routine upgrade

It was anything but. I had scheduled some maintenance time for an upgrade to our main HPC, which was still running RHEL 6. Because of the version discrepancy, we had to implement workarounds for using, say, the latest version of gcc. It wasn’t ideal, to say the least. By this time I had moved all of our users’ home directories to an NFS share, moved almost all applications to environment modules, and started using Ansible for configuration, meaning that I could finally do a clean install of the new OS with minimal configuration on the other side.