Be Secure

Install the PasswordFail extension for Google Chrome. It keeps you informed about websites that have been reported.

This section will continue to grow in the future...

As a Service User

Here are some helpful tips taken from the Microsoft TechNet site.

  • Always use strong passwords. For more information, see Strong passwords.
  • If passwords must be written down on a piece of paper, store the paper in a secure place and destroy it when it is no longer needed.
  • Never share passwords with anyone.
  • Use different passwords for all user accounts.
  • Change passwords immediately if they may have been compromised.
  • Be careful about where passwords are saved on computers.
  • Some dialog boxes, such as those for remote access and other telephone connections, present an option to save or remember a password. Selecting this option poses a potential security threat.

Make sure you always type the correct email address on registration forms. If you enter the wrong email address, a stranger will quickly be able to learn your passwords and take over your accounts.

As a Service Provider

  • Never store user passwords in clear text.
  • Avoid storing passwords with a reversible encryption algorithm.
    • Store passwords as non-reversible salted hashes.
  • Never allow users to retrieve their original passwords by email.
  • Don't send the registration password by email on first-time registration.
    • If the user typed the wrong email address, third parties will see their personal password.
  • Provide alternative procedures for resetting passwords, based on email links or manual verification.

These are general guidelines; best practice is always changing and encryption routines improve. Check with your platform provider and community to find the best way to keep your users' security on top.
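
The provider guidelines above (salted non-reversible hashes, and resets through emailed links instead of emailed passwords), as an added Python example that is not part of the original page. The scrypt work factors, the 15-minute link lifetime, and the in-memory `ResetLinks` store are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumed work factors and link lifetime; tune for your platform.
SCRYPT = {"n": 2**14, "r": 8, "p": 1}
RESET_TTL = 15 * 60  # seconds

def hash_password(password: str) -> str:
    """Return 'salt_hex$hash_hex'; the plaintext is never stored."""
    salt = secrets.token_bytes(16)  # fresh random salt per password
    digest = hashlib.scrypt(password.encode(), salt=salt, dklen=32, **SCRYPT)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, hash_hex = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.scrypt(password.encode(), salt=salt, dklen=32, **SCRYPT)
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))

def _token_id(token: str) -> str:
    # Only a hash of the reset token is kept, so a leaked table cannot be replayed.
    return hashlib.sha256(token.encode()).hexdigest()

class ResetLinks:
    """Hypothetical in-memory stand-in for a table of pending resets."""

    def __init__(self):
        self._pending = {}  # sha256(token) -> (user, expiry timestamp)

    def issue(self, user: str, now: float = None) -> str:
        """Create a random token to embed in the emailed reset link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._pending[_token_id(token)] = (user, now + RESET_TTL)
        return token

    def redeem(self, token: str, new_password: str, users: dict, now: float = None) -> bool:
        """Set a new password if the token is known, unexpired and unused."""
        now = time.time() if now is None else now
        entry = self._pending.pop(_token_id(token), None)  # pop makes it single-use
        if entry is None or now > entry[1]:
            return False
        users[entry[0]] = hash_password(new_password)
        return True
```

The user chooses the new password on the page the link opens, so no password ever travels by email, and a mistyped address exposes only a short-lived, single-use token.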

 

This work is licensed under a Creative Commons Attribution
Powered by ASP.NET WebMatrix | Developed by Sondre Bjellås