Content management systems (CMS) have become the mainstream way to edit a home page (HP): the editor builds the HP in a web browser. In this case, the administrator has to consider not only countermeasures to prevent falsification of the web site but also the knock-on effects after the web site is hacked. If the HP editor's password leaks because of a computer virus or some other trigger, the impact will cause damage to Internet users.
In most cases, the web server is already protected by various security systems. However, attackers try to steal the web editor's password using various approaches. Some well-known approaches are described at the end of this article.
Therefore, password management is a critical issue. Designing and operating the administration rules for the CMS and its passwords is important not only for the administrator but also for the manager, because it is part of risk management.
[General Rule of Password]
- Don't use the same password for other services.
- As far as possible, don't use your password on shared PCs in public spaces, such as Internet cafes, hotels, airports and so on.
[Famous approaches for stealing the password]
- Phishing
The attackers try to make you enter your password by using e-mail and a hacked HP. They may say, "Please input your ID and password for improving the security system of your bank, software, or other important system". Of course, please don't believe it. By using our security software, most cases can be blocked.
To prevent it, ignore the suspicious message or warn the administrator. Also, always keep the security software on your PC updated to the latest version.
- Keyboard logger
First, the attackers try to infect a shared PC in an Internet cafe, hotel, airport and so on with a computer virus. This is comparatively easy because, in most cases, the security level of these PCs is too low. When the user enters a password, for example for web mail or shopping, the computer virus will leak it to the public.
To prevent it, don't use important passwords on a shared PC. In other words, when you need to use such a password, use it on your own PC.
- Dictionary attack
Using various dictionaries, the attackers try to log on to the editing system of the web site. If the editor uses dictionary words or comparable words, the attackers will be able to discover the editor's password easily.
To prevent it, use a combination of random alphanumeric characters and marks. Moreover, make the password as long as possible.
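The following is an added example, not part of the original article: a password check a CMS administrator could run when an editor sets a password, rejecting dictionary words and "comparable words" (character substitutions, appended digits), plus a random generator. The word list is a constructed sample and the minimum length of 12 is an assumed policy value.

```python
import secrets
import string

# Constructed sample word list; a real deployment would load a large dictionary.
SAMPLE_WORDLIST = {"password", "admin", "welcome", "dragon", "editor", "letmein"}
# Common substitutions that turn a dictionary word into a "comparable word".
LEET = str.maketrans("03457@$!", "oeastasi")
MIN_LENGTH = 12  # assumed policy value, not taken from the article
CLASSES = (string.ascii_letters, string.digits, string.punctuation)


def candidates(password):
    """Undo the usual disguises: case, digits/marks at the ends, substitutions."""
    core = password.lower().strip(string.digits + string.punctuation)
    base = core.translate(LEET)
    # "1" is ambiguous (i or l), so both readings are tried.
    return {base.replace("1", "i"), base.replace("1", "l")}


def check_password(password, wordlist=SAMPLE_WORDLIST, min_length=MIN_LENGTH):
    """Return a list of policy problems; an empty list means acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if not all(any(ch in cls for ch in password) for cls in CLASSES):
        problems.append("needs letters, digits and marks")
    if any(word in cand for cand in candidates(password) for word in wordlist):
        problems.append("based on a dictionary word")
    return problems


def generate_password(length=20):
    """Random password from a CSPRNG that also passes check_password."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the minimum policy length")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        password = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(password):
            return password


if __name__ == "__main__":
    for sample in ("P@ssw0rd!2023", "adm1n", generate_password()):
        print(repr(sample), check_password(sample) or "ok")
```

A password such as "P@ssw0rd!2023" satisfies the length and character-mix rules and is still rejected, because undoing the substitutions leaves a plain dictionary word.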