7 Password Experts on How to Lock Down Your Online Security

[mpicco]

It's true that some people are "stupid" with computers, but both problem scenarios you described are created by the company, not the users. Interval-based password expiration is a terrible policy and people should have the correct privileges on Sharepoint.

No, dude, no. If you are external and require access to SharePoint you contact HR and they create a log in for you. If you're in the company and don't have access to X SharePoint site, you contact that site's admin and request access. IF he decides to give it to you then great.
Under no circumstances you give someone else your password to access ANYTHING at all, that's a humongous breach of security.


Sent from my XT1040 using Tapatalk

 

[narf]

If you're in the company and don't have access to X SharePoint site, you contact that site's admin and request access. IF he decides to give it to you then great.

Even better: You request access through the identity management platform, both the data owner and your superior are asked for approval, and once approved you automagically get the correct privileges.

 

[mpicco]

Exactly, if its through a portal, an email, in person, doesn't matter, you ask permission and then you're granted it if the owner decides you need access to what potentially is sensitive and confidential info.

In this case its people stupidity cos the company forces you to do the same boring data security course yearly, in which, you're told 17 times "do not share your password with anyone for any reason".

 

[Jupix]

No, dude, no. It's exactly like you said.

Summarized your little post there.

 

[mpicco]

Summarized your little post there.

You suggest it's IT's duty to give out permissions when it's HRs duty to create new accounts, and it's each SharePoint admins duty to manage accesses. None of it should go through IT

Is it the company's "fault" wanting some security for their private, sensitive data? I don't think so.

 

[Jupix]

You suggest (...)

I suggest your problem is caused by (1) a bad policy and (2) your organization performing inaccurately and/or slowly in assigning people the system access privileges they require. It is not caused by the people (unsecurely) working around those issues.

How your organization and business processes should be set up to fix problem #2 is not my professional area of expertise. There are professionals employed solely for that. My job is to identify problems and initially get the ball rolling to fix the situation.