A good security practice is to avoid reusable passwords where possible, particularly for accounts where money is involved. Another security practice is to avoid reusing the same password at multiple sites.
A credit card number is a reusable password. It gives access to money. Thanks to the payment card industry (PCI) we're supposed to trust this reusable password at all the vendors where we shop? And trust that each of those vendors will keep their card processing devices and back end systems secure from external and internal intrusion?
Meanwhile, instead of eliminating the reusable passwords, PCI passes the risk on to card accepting companies by imposing hundreds of security standards on each card accepting company (see www.pcisecuritystandards.org). Failure to comply means increased credit card transaction fees or prohibition from processing credit cards.
As a customer, I prefer using credit cards to cash for the convenience and record keeping value. As an IT guy, I've spent many evenings and weekends working to comply with PCI standards to protect these static reusable passwords from compromise.
A better solution would be to eliminate the static reusable credit-card passwords from existence.
I've worked in good datacenters and bad datacenters. As a network engineer my primary pain point is cabling. One datacenter I work in takes 10 minutes per patchcable to install. Another takes 1 minute per patchcable. The difference is how the structured cabling and cable management are provisioned when the datacenter is built.
If you are installing a datacenter it is worth spending some money to make certain the people making decisions don't screw up, resulting in pain for you when installing patchcables next year.
So I support this $250 document and hope my management will buy it (a bit spendy to buy just for general reading).
I highly recommend "Build the Best Data Center Facility for Your Business" by Douglas Alger, published by Cisco Press. 375 pages. $55. A bunch of lessons learned from Cisco's datacenter operations team (I did shell out my own money to buy that one for general reading).
Full disclosure: I used to work for Cisco and slightly know the author.
They must have stored the designs for the single-play DVD on a single-play DVD.
Doh!