Safe to use SS# as username on company intranet?
From: Machine Messiah (Poorham@nospamdamnit.com)Date: 05/15/02
- Next message: Barry Margolin: "Re: SSH vs. Dialup security"
- Previous message: Bryan Coon: "SSH vs. Dialup security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Machine Messiah <Poorham@nospamdamnit.com> Date: Wed, 15 May 2002 18:50:40 GMT
What do the experts here think of a policy of requiring an employee to
log on to an intranet using a social security number as a username?
My employer wants me to complete an online training course and they have
set up a system where we can log onto their intranet individually, but
they expect us to use our social security number as a username. I asked
my supervisor if it were possible to change my username to something less
personally vital as my SS# and said she didn't think so and she was NOT
very civilized about it.
I have learned the hard way to be very stingy about giving out my ss# and
am very concerned about the security implications of using my ss# as a
computer password or logon name. I'd be more willing to use a credit card
# because if there were a problem I could at least cancel the card. I do
not carry my ss# on my person, it has never been on the hd of my computer
and I
have never used it on a website. I do not access any of my financial
information online because many such sites seem to require it.
I plan to email the administrator of the training program and ask about
changing my username. If they are unwilling or unable to change it, what
sort of questions should I ask about the security of their network? All
I know about intranet security I got from this page:
http://intranetjournal.com/features/isecurity.shtml
I know intranets can use ssl/128 bit encryption so I plan to ask about
that. If they don't use that, what are some other ways to secure an
intranet? Should I ask them about their firewall, How often the system is
scanned for trojans?
If anyone here is in charge of an intranet, what sort of security setup
would make you willing to use your SS# as a username?
We were given a url to use if we wanted to try accessing the training
course from home. I checked the url with Neotrace and now have the names
of the network administrator and coordinator. Would one of these 2 be in
charge of assigning or changing user names? Should I direct my questions
to them. Do you think they'd be pissed to get an email from me?
I entered the url on my computer and got this message:
Enter Network password
please type your username and password
Site: joe.shmo.com
Relm: HTTP Authentication(ID#####)
I typed nothing, hit enter and got this:
Error: Authen Rejected.
No 401 or 403 message. Does this give any hints as to how the network is
secured.
Finally, the company has a web page where you can apply for a job with
them online. They ask for your name, address, phone number and you can
even upload your resume. THE PAGE IS NOT SECURE! No "https" in the url,
no little yellow padlock at the bottom of the screen! I think you'd have
to be pretty foolish or desperate for a job to use this page. It only
heightened my concerns about the security of their network.
- Next message: Barry Margolin: "Re: SSH vs. Dialup security"
- Previous message: Bryan Coon: "SSH vs. Dialup security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
