Passwords - Social Engineering: Difference between revisions
Latest revision as of 19:35, 8 November 2004
First Problem in Password Management: Social Engineering
An attack in which the hacker extracts the password directly from a person who is authorized to access it, by telling some plausible untruth, is called Social Engineering.
It is also known as ‘blagging’ or ‘pretexting’. Insurance investigators, for example, often pretend on a phone call to be an intended victim's doctor, so that they can get information about the victim's health and whether it fits the insurance policies.
Solution if the information is system-based:
The password should be too long to remember and be kept in an envelope near the system. It should never be mentioned over the network or on the phone, so that only people who really work there get access.