Passwords - Social Engineering

Revision as of 19:31, 8 November 2004 by Schumann (talk | contribs)

First Problem in Password Management: Social Engineering
An attack in which the hacker extracts the password directly from a person who is authorized to access it, by telling some plausible untruth, is called social engineering.

It is also known as ‘blagging’ or ‘pretexting’. Insurance investigators, for example, often pretend on a phone call to be the intended victim's doctor, so that they can get information about the victim's health and whether it fits the insurance policies.

Solution if the information is system-based: The password shall be too long to remember and shall be kept in an envelope near the system. It shall never be mentioned over the network or on the phone, so that only people who really work there will get access.