Category: Articles

Wyze Cam Security Cam

I recently decided I wanted an outdoor security camera but I didn’t want to spend much money.  After a bit of research I found a bargain camera that includes a bunch of features. The Wyze Cam can be purchased for $19.95 plus $5.99 shipping. The camera has two way audio and includes 14 days of cloud storage.  The camera will upload 10-15 second video clips every time it detects motion.  If you want to store continuous motion or more than a 15 second clip, you will need a micro SD card.  The camera supports up to 32 GB. The camera out-of-the-box  is not suitable for outdoor use. You will need an enclosure.  I bought one on Amazon for $16.99.  The camera is powered by a micro USB/USB cable plugged into a power adapter. If you want to use the camera outside, you will probably need a longer cable than what’s included.

The camera is a bargain and does just what I want it to.  It sends me an alert to my Android phone every time it detects motion in my driveway. I can view the clip from the phone. The camera also supports iPhones. Next, I plan to set up another cam at my front door.  When someone comes to the door, I can see who’s there and even ask what they want without needing to come to the door.

See my YouTube video for the details.





RCA RPJ116 Multimedia Projector for PowerPoint Review

I saw this projector in Walmart for $89. I’ve been wanting a projector for PowerPoint presentations but didn’t want to invest several hundred dollars for something I wouldn’t use very often. I wasn’t sure if this projector would do the job but I knew I could take it back if it didn’t work out. I discovered the output is a little dim but would do a half way decent job in a dimmed room.  The projector is OK for me, but I wouldn’t recommend it for someone who gives frequent presentations.  See the YouTube video for details.…

How I Passed My CISA Exam

The company I work for has been sold. Most of the technology associates expect to lose our jobs in the upcoming months. Fortunately, the companies are offering a generous severance package. As the days counted down towards business close, we were also offered in-house professional training on a variety of subjects, many of which included vouchers for certification tests. Due to low demand, CISA training was not available for in-house training but the company offered to pay for independent study classes. The company would reimburse us for the certification exam if we passed. I took several of the instructor led classes and was approved for an independent study class for the CISA.

CISA Training Classes

I selected the CISA class from Alan Keele at The class is a self-paced 180 day subscription at a cost of $449.95. He does offer a free trial lesson consisting of a pre-assessment test, training class, and a post-assessment test. I found the trial was a good representation of the general courseware. Keele’s training consists of assessment tests and narrated slides. One of the nice things about the class is the instructor is available to answer questions via phone or email. The instructor promptly answered emails, and promptly responded to a voice-mail I left.

The class is broken down into the five CISA domains plus an extra series of lessons for “Consolidated Business Continuity and Disaster Recovery Topics”. Each domain consists of multiple lessons, each with assessment tests and a final assessment test for each domain. The class offers four final exams consisting of 150 questions each (As of this writing, the CISA exam is 150 questions). You can take the assessment tests more than once, but the order of the test questions will vary each time you take the test. The final exams are random questions from a pool – each time you take the final exam you will get different questions in a different order. The recommended passing score is 95%. I passed all my assessment tests with 95%+ but did need to take a few more than once. My final exam scores ranged from 85-93%.

The material seemed to be geared towards helping the student answer test questions. The slides are narrated and  consist mostly of a bunch of test answers without the questions. When I spoke with Keele on the phone, he told me that was the strategy for helping students pass the exam. Since the exam is multiple choice, if the student could recognize the answers, the student will be able to recognize the answer even if the questions were unfamiliar. The CISA test is multiple choice – only one correct answer per question. The assessment questions from the class are in multiple formats including multiple choice, true-false, matching, and “select all that apply” (multiple answers for a question). Although not all class questions are multiple choice, the instructor told me his question/answer format is an easy way of combining multiple questions into one.

After the student answers an exam question, the instructor would provide text and narrated answers. In most cases, the instructor read the correct response, but did not provide much of an explanation. In some cases, the instructor would point out questions and answers that were plain silly and that ISACA’s answer is not always the same as the way an experienced professional would answer. I noticed this when I took the test and I’ve heard the same thing from other people who have taken the exam.

The wording on the narration and slides was quite formal. This format was useful for some of the test questions but not helpful for a true understanding of the material. I found myself going to YouTube to get a better understanding. In my search, I found a series of short lessons from Hemang Doshi. Doshi has a very thick accent and my first inclination was to stop watching and look for another video. I decided to watch his video and found his video very helpful for an understanding of the material. Doshi’s videos do an excellent job of explaining the concepts in very simple terms. He uses a keyword approach – “if you see this keyword”, then “look for this answer”. Doshi’s videos are simple – a question, keyword, answer approach compared to Keele’s formal approach. I found both classes together to be instrumental in my passing of the exam. I did find the practice tests and material from the two to be very similar, but the approaches used in the lessons were quite different.

Doshi has quite a few videos, here is a nice sample of several of his videos:

Doshi also has a mostly free site. The site consists of videos, flash cards, study material with assessment test for each domain, and a final 150 question test covering all domains. The site also has a “30 day strategy for CISA Success”. The 30 day strategy is a series of 10-20 questions to be taken one test per day over a period of 30 days. He asks for $30 for the “30 Day Strategy” to be paid upon passing the exam. No credit card or registration is required to take the lessons. Just pay after you pass the exam. I opted for this training, but in hindsight the site offers so many practice tests, it probably wasn’t really necessary to take the 30 day strategy. Since I did use the material and passed my CISA, I did pay the $30 upon receiving my score.


The site is supported by pop-up ads and I received virus warnings when some of the ads displayed. The site itself seems to be fine but the pop-ups may not be. My recommendation is to have a good virus checker and close the pop-ups before they have a chance to populate. I would have recommended a pop-up blocker but the practice tests don’t work properly with a pop-up blocker on.

WARNING – Be careful when going to the …


Pitney Bowes stamps on QL-700 no monthly fee

I recently purchased a Brother QL-700 label printer on sale at Staples for $39.99. A pretty good deal. As I was reading through the promotional material, I discovered that I could sign up for the Pitney Bowes pbSmartPostage service for no monthly subscription fee. I’ve always wanted to be able to print my own stamps, but I could never justify paying a monthly subscription fee. This was my chance. I went to the Pitney Bowes site to sign up. Hmmm, there’s nothing here that lets me sign up without paying a fee. It took a Google search to find the “free” sign-up link. That’s.

I went to the site and was redirected to the sign-up URL. Sign-up was pretty easy. It didn’t even ask me for a credit card. Just enter a few personal details such as name, email address, and physical address (no PO Boxes allowed). I don’t know if I did something wrong, but during the process it said they were going to send me a free welcome kit, then proceeded to display an invoice showing $0.00 for the welcome kit with $10.00+ shipping charge. How are they going to get the shipping charge from me? Didn’t ask me for a credit card. Well, they never charged me but they never sent me the kit either.

Now that I had access to the site, I was able to get an idea about how the plan actually worked. I already knew I had to buy my label rolls from Pitney Bowes. The choices at this time are $17.99 for 200 labels or $39.99 for 1000 labels. Plus tax. Do the math. $17.99/200 + Tax = more than $.09 per stamp. The other options are less expensive but still add quite a bit to the cost of the stamps. The labeler detects the kind of rolls, so the software won’t let you print stamps on “unapproved” rolls. You do get ½ cent discount on postage but the discount does no good when you’re paying such a high price for the supplies.

If you’ve seen pictures of the printed stamps, you may have noticed an orange stripe at the top that says The stripe comes pre-printed on the rolls. That’s fine for the stamps, but if you intend to print both stamps and labels on the same roll, then your labels will have the orange stripe too. The alternative is to switch rolls every time you switch between labels and stamps.

I later learned that you can buy stamp sheets for $7.49; 5 sheets, 25 labels per page, 125 labels in all. You can print the stamp sheets on a regular laser printer. The gotcha is the sheets come with serial numbers. In order to print on the stamp sheet, you need to enter the serial number of the sheet.

You end up paying for the “free” service by paying an inflated charge for supplies. If you pay the hefty charge for the fee subscription, then you can print the stamps directly on the envelope and avoid the hefty charge for the stamp rolls and sheets.

Ordering supplies is relatively easy, just enter your credit card number and order. Pitney Bowes didn’t charge me for shipping, but they did add tax. I ordered the $17.99 roll on the weekend and it arrived in the mail on Thursday.

In order to pay for stamps, you need to fund your account. When you click on “Add Postage”, it will tell you that you have no funds. You can set up a Reserve Account or enter your credit card information. THEN you can fund your account. It gives you several options for funding with specific dollar amounts of $20, $50, or $100 or you can enter your own amount. BUT… the amount needs to be in even dollar amounts and it won’t let you enter an amount less than $10.00. It does maintain your account in ½ cent increments. When I printed a single stamp, it decremented my account by 46 ½ cents.

I was really disappointed when I discovered the available postage classes were very limited. It allows various types of first class mail up to 3 ounces and media mail. That’s it. One of the main reasons I signed up is so I can print Priority Mail stamps. Tech support informed me Priority Mail requires a bar code, and bar codes go on the address label. Since the basic service doesn’t print address labels, no Priority Mail.

If I knew then what I know now, I probably wouldn’t have signed up for the service. Printed stamps are very expensive, and the types of mail you can send are very limited. The only thing you MIGHT get is the convenience of not having to go to the post office to buy stamps.


Check out my YouTube video


How I got to WordPress

Several years ago, I led a three state district of a worldwide communication and leadership organization. One day I received a call informing me our website was being used as a base to attack other websites. We were hacked. We immediately shut down our site and began investigating alternatives for a new website. We rehosted our site and chose Joomla as the Content Management System. As I was learning about Joomla, I decided to build a personal Joomla website. Once I got my site going, I rarely updated it. Eventually my personal Joomla site was hacked (vandalized). Luckily it was a simple fix to restore the site. I changed the password but over a few months it was hacked two more times. When I eventually updated the version of Joomla, the hacks stopped.

Then I got a call from my hosting provider. They encouraged me to upgrade to a new hosting plan. They offered me a “deal” to switch. In order to switch plans, I would need to rehost and rebuild my site. I was apprehensive about that idea but eventually decided to make the switch. I allowed a couple of weeks before my old plan expired to convert to the new plan. The conversion was actually fairly painless. I got my new site up and running with plenty of time to spare.

Since I hadn’t made any updates in quite a while, I decided to make some changes. I ran into a technical issue and called tech support. Customer Support did manage to help me resolve my problem but they told me they don’t get many calls for Joomla. The majority of their customers were on WordPress. I was still running on a very old version of Joomla so I decided to upgrade. I spent quite a bit of time searching for a new Joomla template but couldn’t find one I liked.

“Can’t find a template I like”

“Most of their customers are on WordPress”

“I’ve been hearing a lot more about WordPress lately than Joomla”

The organization I belonged to switched to WordPress a long time ago, and a friend’s site was on WordPress.

I decided to make a switch. I purchased a couple of “temporary” domain names to use while I built my new WordPress sites. My primary Joomla based domains remained active while I learned, installed, and customized my new WordPress sites. Then I copied the articles from my Joomla site and posted them into my new WordPress site. When I got my new WordPress site looking the way I wanted it to, I pointed my primary domain names to my new WordPress site. My conversion to WordPress was successful.

Getting my WordPress site has been quite a learning experience. I couldn’t have done it without a couple of my best friends. Google and YouTube! See my YouTube videos about how to build a WordPress site on GoDaddy.


Do You Fear Public Speaking?

Fear of public speaking is a very common ailment. There’s actually a name for it: glossophobia. Maybe fear isn’t always the exact word. How about aversion to public speaking? Anxiety? Discomfort? Stress? “Just not your cup of tea”? Does one of these apply to you? Why?

Fear is a normal human emotion. Fear warns us of danger – it’s a survival instinct. Consider the fear of riding a motorcycle down the highway during rush hour at 110 mph with no helmet. What would failure entail? Losing control of the motorcycle? Crashing? What would be the result? It would probably be serious injury or death. Now, that would be a rational fear.

Now consider a public speaking engagement. What would failure at this engagement entail? Putting forward a poor performance? Making a mistake? Freezing or forgetting? What would be the result? Embarrassment maybe, but serious injury or death would be very unlikely. This does not necessarily mean glossophobia is an irrational fear, but the fear of public speaking is definitely not part of the human survival instinct. Not in the life or death sense anyway. Therefore, consider fear of public speaking as an unnecessary fear.

Fear of public speaking can be detrimental to your career. Think about what would happen if you were called upon in a meeting and couldn’t speak. What would happen if you had that “great idea” and couldn’t present it – or worse – someone else, a rival, could and did? These are examples of why fear of public speaking can hinder your corporate survival.

The best way to overcome an unnecessary fear is to face it. Start by selecting a topic you know about or would like to know about. Then prepare a speech. Research the topic thoroughly so you know it inside and out. Then practice in private. Practice over and over and over. One of the key elements of overcoming the fear of public speaking is preparation. The keys to preparation are to thoroughly research your topic, then practice, practice, practice. When you are comfortable with your speech and your material, practice in front of family or a few close friends. The more prepared you are, the less fear you will have. You will likely find practicing in front of even one or two people can be completely different than practicing by yourself. Ask those people for feedback. Even if they don’t understand technical material, they may be able to comment on your delivery. They may notice idiosyncrasies you weren’t aware of. Then ask a trusted colleague to listen to you practice. Your colleague may be able to comment on your technical material. As you receive feedback, revise, revise, revise, then practice, practice, practice.
Listen to the advice of your family, friends, and colleagues but remember you are the one giving the presentation. If the advice makes sense, follow it. If the advice doesn’t make sense or doesn’t match your personal style, don’t follow it. If you receive contradictory advice, use the advice that makes the most sense to you. Use your judgment and be comfortable in your own skin. Being comfortable in your own skin is an important step in overcoming the fear of public speaking.

As you practice, revise and improve your speech. Eventually you will know your material inside and out. Then you can begin to put aside fears of failure. Imagine the audience listening attentively. Imagine the applause you will receive at the end of your speech. And you WILL receive applause. As you imagine success, your confidence will grow. Ever hear the advice for nervous speakers to imagine the audience members in their underwear? If that works for you, then use it, but better advice for most speakers is to imagine success. Your audience is on your side. They want you to be successful. Almost as much as you do.

When the day of your presentation comes, don’t worry about being nervous. Keep in mind that even experienced speakers will feel some degree of fear and nervousness. A little nervousness is actually desirable. Your nervousness will cause your body to release adrenaline. That adrenaline will help get you “pumped”, which will help your passion and enthusiasm shine through.…


Updated: Porting a Home Telephone Number with Verizon

I originally ported my Century Link number to magicJack. With a few minor annoyances, my port to magicJack did the job. magicJack costs about $35.00 a year. Google Voice is free so I decided to port my magicJack number to Google Voice. Well, you can only port a mobile phone number to Google Voice.  Google Voice will not accept ports from landlines or VOIP services.  The trick is to port your number to a mobile no-contract phone, then port the no-contract phone to Google Voice. The cost is about $10-$20 for a phone (such as TracFone), then about $10.00 for minutes, and $20 for the Google Voice port. I did that and was ultimately successful, but getting there was a major ordeal.
See my YouTube video here:

My original article is here (before I ported to GoogleVoice):

Verizon offers a Verizon Home Wireless service. If you’re already on the Verizon Plan, adding Home Wireless is about $20 extra + tax and fees. That’s a lot less than a landline. My plan was to port my Century Link Home telephone number to Verizon.

In theory, I should be able to do that.  Verizon informed me that due to “monopoly regulations” they were unable to port my Century Link phone number to Verizon. They could port other Century Link customers but couldn’t port anyone on my exchange.  All the literature I read said phone service providers are required to allow porting. Century Link said they weren’t preventing the port, Verizon said Century Link wasn’t blocking the port. They were unable to port due to an “anti-monopoly law”.

I called the FCC.  The FCC tried to be helpful but was unable to give me an explanation. They did say there were exceptions to the rule that required providers to enable porting from one provider to another.

I’ve been using my home phone number for 30 years. Changing my home phone number would have been a big deal. I didn’t want to give up my landline number. Then I tried porting my number to magicJack. magicJack is a VOIP service that costs about $40 a year. It cost about $25.00 to port my home number to magicJack. magicJack couldn’t receive incoming calls for several days while the porting was being processed, but after a few days, my number DID port to magicJack. Then, I forwarded my number on magicJack to my new Verizon Home Wireless number. Now when someone calls me on my old home number, it will ring on my Verizon.

So now I have two numbers. My old home number and my new Verizon number. If I call from Verizon the CallerId will show my new number instead of my old number. If someone calls me on my old number, it will ring on my Verizon Home Wireless phone. At least my old number is still valid and I don’t need to inform EVERYONE to use the new number. Be aware that magicJack limits calls to about 1 hr. If someone calls you on your old number, and it ends up being a long call, magicJack will hang up on you.


My ITIL Certification

The first time I saw a job posting that listed ITIL as a “desired” qualification, I had no idea what ITIL was. I looked it up and took note of its meaning but never followed up. ITIL as a job requirement was rare. But since then, I’ve been seeing ITIL regularly. Lately I’ve been noticing more and more IT jobs listing an ITIL certification as a required or desired qualification. On one occasion after I followed up on a resume submission, I was informed that I was not considered because ITIL was a requirement. That’s when I decided maybe I should start looking more into ITIL. And I did. A little. Then I was questioned about my ITIL knowledge at a job interview. At least I knew what it was! I even scored some points for that. Well, that’s when I decided to get serious about studying for my exam. So I spent some time each day reading, and researching and studying. Then I was asked about my ITIL knowledge at another interview. “Well, I’m almost ready for my exam,” I told them. “Is the test hard? What was the test like?” I asked. That’s when I really started preparing. Today I passed my ITIL Foundation exam. I am going to share my experience.

First of all, just what is ITIL?

ITIL is a framework of best practices for managing an IT department. ITIL has evolved over the years; the current version is ITIL V3. The details of the ITIL framework are published in a set of 5 volumes by the UK government Office of Government Commerce. The philosophy of ITIL is pretty simple. Do not think of an IT department as a provider of technology, think of IT as a provider of services. Services that offer value. The ITIL framework is built around the concept of services. The five ITIL volumes are Service Strategy (strategic alignment of IT with the business), Service Design (designing IT services), Service Transition (change management and putting IT services into production), Service Operation (delivery of IT services, problem management, service desk), and Continual Service Improvement (re-evaluating services, keeping them aligned with changing business needs, improving as necessary). The cost of the set is about $599. Companies that desire to follow the ITIL framework do not incur costs other than the cost of human expertise and the cost of publications (the official set or otherwise). The material is copyrighted and NOT considered public domain.  There is no charge to use the material, but copying or republishing the material or certain uses of the ITIL trademark requires a license. Individuals wanting a certification or ITIL knowledge do not need to buy the official set. There is a wealth of books and plenty of information on the Internet. I used a variety of sources: Foundations of Service Management, The Unofficial ITIL V3 Foundations Course in a Book By Brady Orand $39.20 on Amazon. He also has a website, with podcasts and practice tests (more on practice tests later).
There is a free online course from Charles Sturt University

There are over 90 YouTube videos 5-10 minutes each. They cover a lot of material. I went through the set when I first started studying and again the week before I took my exam.  I also used the ITIL V3 Foundation Complete Certification Kit 2009 Edition by Malone, Manken, and Blodijk $89.97 on Amazon. It’s a book supplemented with online Adobe Flash modules. Note: I used a PDF copy of the book I managed to find on-line; I did not use the Adobe Flash modules. This website has terrific information on where to find free study guides and study materials: I put together a study PPT from materials I found on-line. The format is a slide asks a question, the next slide gives the answer. Pay particular attention to the checked questions. Use the slides at your own risk. It helped me pass, if you fail the exam, don’t sue me.

Click for Study Slides

The Exam

The exam is 40 questions, multiple choice (A, B, C, D). Only 26 (65%) is required to pass. I did MUCH better than 65%. You get 1 hour to complete the test.

There are quite a few free practice exams on the Internet. Just Google and you will easily find several. What I found is, many of the practice test formats are different from the ITIL exam (true/false, check the box, matching, more than 4 choices). Study them anyway, they will pinpoint areas you still need to study.

I found many questions on the actual exam to be worded a little differently than the practice exams (even the A, B, C, D multiple choice), but they do cover the same material. Quite a few questions had more than one answer, e.g.:

Name a Disney Character
1) Mickey Mouse
2) Pluto
3) Batman

A) 1 only
B) 2 only
C) 1, 2, & 3
D) 1 & 2

If you look at exam advice, they will tell you to eliminate answers that are obviously wrong. That’s good advice. If you are prepared and don’t know an answer, you should be able to eliminate at least one or two wrong answers from most questions.
When you get to the end of the exam, you will have the opportunity to review your answers. I was able to get through the exam in about a half hour, had plenty of time to review (and correct) my answers. When done, select exit (it will give you one last chance to change your mind).  You will get your “pass” or “fail” notification in a few seconds. It prints a sheet with the score. It won’t tell you the questions you missed, but it will provide a breakdown of scores for each of the study areas.

My ITIL Certification helped me get the job I have now. I can’t say it was a deciding factor (maybe it was) …

Ten Ways To Improve The Security Of Your Systems

Mischief-makers are constantly searching and scanning the Internet for vulnerable systems.  They could be snooping recreationally, conducting espionage, looking for free bandwidth, attempting to vandalize a system, or trying to sabotage an entire network.  There are two classes of these people: the experts and the “script kiddies”.  The experts have an in-depth understanding of operating systems, networks, databases, and programming.  Script kiddies do not necessarily have in-depth knowledge or experience, but they do have the tools that have been written by the experts. If an expert has more expertise than the best in your enterprise, then you may be in for trouble regardless of what you do.  On the other hand, some experts and most script kiddies may just be looking for an easy target.  It is the responsibility of every enterprise to be a difficult target.

If you follow the ten well-known practices discussed in this paper, you will be able to prevent the majority of attacks.  The purpose of this paper is simply to remind the reader of the basics.  This paper will not be a highly technical discourse on how to protect systems, nor will it be introducing new and sophisticated methods of protecting networks.

1) Use Secure Passwords
One of the most important defenses against an attack is to use good passwords across all servers.  This includes test servers as well as production servers.  Never use names, dates, or words that can be found in a dictionary (English or foreign).  These types of passwords can be easily guessed.  People need to be aware that password guessing software is widely available.  Processing power is dirt cheap and available to everyone.  With an inexpensive computer, downloaded software, and a list of words, names, commonly used passwords, and character combinations, it’s not difficult to “harvest” passwords.  John the Ripper is one of the better-known password crackers.  It can “guess” millions of passwords in a single minute.

On most operating systems, passwords are stored in encrypted form.  This is done by an “irreversible hash” (strictly speaking, the password is hashed rather than encrypted, since there is no key that decrypts it).  A cleartext password can be mathematically converted into a hash, but the math doesn’t allow the hash to be converted back into cleartext, even when the hashing algorithms are well known (which they are).  A password-guessing program can hash a “guess” and compare it to an already hashed password.  When they match, it has “guessed” a password.

Since technology makes it easy to “guess” passwords, it’s important to keep encrypted passwords in files that ordinary users cannot read.  On some UNIX systems, the encrypted passwords are kept in /etc/passwd, which is readable by anyone with a login.  UNIX has been around for years, long before computers with sufficient power to guess passwords were widely available.  These days, it’s more common to store passwords in /etc/shadow which is not publicly accessible.

Since passwords are encrypted on most operating systems, even the systems administrator does not have direct access to unencrypted passwords.  However, they do have access to encrypted passwords.  With a password cracker, they can eventually guess your password.  One might ask, in most cases if the systems administrator has access to everything on the system anyway, what does it matter?  The answer:  In this day and age, computers are everywhere.  Most computers require some type of password.  A systems administrator or I/T professional can have access to a dozen or more computers.  That’s quite a few passwords to remember.  It’s common (but poor) practice to use the same password across multiple systems.  Unless the user uses a different password on every single system, an unscrupulous systems administrator can “harvest” passwords for systems that s/he shouldn’t have access to.

It may be impractical or unreasonable to ask people to use a different password on every system but at the very least keep the following in mind:
Test systems should have the same level of security as production systems.  If encrypted passwords are protected on production systems and not on test systems, then production passwords can become compromised.  Even if corporate policy states that employees should use different passwords on every system, unless the policy can be software enforced, some people likely will violate the policy.  People should NEVER use their corporate passwords on servers outside of company control.

As stated before, password crackers can easily guess millions of passwords every minute.  Even with this processing power, it can take a very long time to guess a password.  Crackers use word lists to narrow down the choices.  The best way to create an un-guessable password is to not use words that can be found in a dictionary or cracker word list (e.g. abcdef, qwerty, 123456, etc.).  Be aware that crackers are smart enough to guess common word-number combinations such as password1 or secret2 etc.  Therefore, wherever possible use nonsensical passwords containing both upper and lower-case letters, numbers, and punctuation characters.  Password complexity rules should be software enforced where possible, such as the NT/W2K system policy editor.  Rules that enforce password complexity on other systems will be dependent upon the operating system and software.
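The hash-and-compare guessing and the word-number weakness described in this section, as an added Python example that is not part of the original paper: it audits a stored hash against a word list and checks a new password against the complexity rules above. The word list, the unsalted SHA-256 hash, the function names and the 10-character minimum are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample word list (assumption). A real check would load a large
# list of dictionary words and commonly used passwords.
WORDLIST = {"password", "secret", "qwerty", "abcdef", "123456", "letmein"}


def hash_password(cleartext):
    """One-way hash of a password.

    Unsalted SHA-256 is used only to keep the illustration short; real
    systems store salted hashes from a deliberately slow algorithm.
    """
    return hashlib.sha256(cleartext.encode("utf-8")).hexdigest()


def candidate_guesses(wordlist):
    """Yield each word, its capitalised form, and both with one trailing
    digit (the "password1" / "secret2" pattern mentioned above)."""
    for word in sorted(wordlist):
        for base in (word, word.capitalize()):
            yield base
            for digit in "0123456789":
                yield base + digit


def audit_stored_hash(stored_hash, wordlist):
    """Hash every candidate and compare it with the stored hash.

    Returns the guess that matches, or None if the word list does not
    cover the password. The hash is never reversed, only compared.
    """
    for guess in candidate_guesses(wordlist):
        if hash_password(guess) == stored_hash:
            return guess
    return None


def policy_violations(password, wordlist, min_length=10):
    """Return the reasons a new password should be rejected (empty = accept).

    min_length is an assumed value; the character classes are the four
    named in the text (upper case, lower case, numbers, punctuation).
    """
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    required = {
        "lower-case letter": r"[a-z]",
        "upper-case letter": r"[A-Z]",
        "number": r"[0-9]",
        "punctuation character": r"[^A-Za-z0-9]",
    }
    for name, pattern in required.items():
        if not re.search(pattern, password):
            problems.append("no " + name)
    # Strip leading/trailing digits and punctuation so that "Password1!"
    # is recognised as the word-list entry "password" underneath.
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password).lower()
    if core in wordlist or password.lower() in wordlist:
        problems.append("based on a word-list entry")
    return problems


if __name__ == "__main__":
    for pw in ("password1", "Password1!", "tR7#vq!Lm2zP"):
        guessed = audit_stored_hash(hash_password(pw), WORDLIST)
        print(pw, "| guessed from hash:", guessed,
              "| rejected for:", policy_violations(pw, WORDLIST))
```

Note that "Password1!" satisfies all four character-class rules and is still rejected, because the word-list check looks at the word underneath the added digit and punctuation.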

Another important password security measure is to require people to change passwords at periodic intervals.  How often will depend upon a number of factors but generally the interval should be about 45 – 90 days.  Also, don’t forget to delete or disable a person’s logins immediately after s/he leaves the organization.

When managing passwords, it’s important to keep close tabs on vendor and default accounts.  For example, staff should take precautions to activate vendor accounts only when necessary to solve a specific problem and to de-activate the account immediately afterwards.  Furthermore, do not allow vendors to use standard passwords on their accounts (i.e. insist that vendor passwords be unique to your site).  Finally, change default passwords and/or disable default accounts immediately after installing new software.  This should go without saying.  Even so, negligent system administrators often fail to change default passwords.  Hackers already know the default passwords.  Default password information can easily be found with a simple Google search or getting a list of defaults from a site such as:

In …