go to sections menu

Grease the Skids: Improve Training Successes by Optimizing the Environment from blog The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: article commentary > Grease the Skids: Improve Training Successes by Optimizing the Environment

Go to Homepage, contents or to navigation menu



Grease the Skids: Improve Training Successes by Optimizing the Environment

The next article in the phishlabs training is Grease the Skids: Improve Training Successes by Optimizing the Environment and I’ve been thinking about how to write this one up. Training alone is not enough, says Phishlabs. I know that I can talk about my thoughts on subjects, but over all, the user must put what I’ve learned in to practice in their daily life. I can teach a subject, but that doesn’t mean the student is going to get it.

I don’t think some of the things like changing passwords every month is a good idea, but if the organization you work for requires that, the blog post says that the company should force that, and get people to make their passwords valuable but yet not easy to guess.

I’d like for you guys to take a look at this article, and see how you can implement the ideas in it on your own. Lets discuss!


Informazioni sull'articolo

Grease the Skids: Improve Training Successes by Optimizing the Environment was released on October 17, 2019 at 10:20 am by tech in article commentary.
Last modified: October 17, 2019.


Comments (2)

  1. Comment by crashmaster date 17 October 2019 alle 22:08 (),

    To be honest unless you need to change passwords every month I think its a bit of an issue for everything.
    Saying that, if you are in the military/security/government/communications and other high priority industry you probably have to.
    As well as all the links not to click, scam calls are on the rize and you have to be on your toes.
    As for a password manager, it depends on your situation.
    To a certain extent 2step authentication is a must.
    Also using secured apps is also a must except for a few cases.
    Google is one such case.
    Every app needs a password when you use 2step.
    In theory thats fine but in practice, every app on every device needs a random password which means you will probably have to generate random passwords which means eventually you will have to rely on your password manager completely for x app.
    Its really complex.
    Then I have an issue with less secure apps.
    Less secure apps, should not mean apps which are not apple mail, windows mail or google.
    In fact anything google does not deem secure simply should be meaning, that google apps only can run.
    Microsoft outlook is a security risk.
    In fact anything which isn’t google is a security risk.
    I only suspect they allowed windows and apple mail because they would be noticed if they tried to block those to.
    Point is, the less secure apps setting in google is a joke.
    And 2step authentication in google, while it maybe secure in every way, is practically a joke.
    No one in their right mind will want a password for every app, site or program on all their devices that use google services to have a password.
    Google’s trusted device is also good.
    Another thing I do not aggree with while it may protect a user is if you login to a google device in one location, then login on the otherside of the world even if you know the password, google will assume you are hacking in and lock the account.
    If you are within the country it will ask you to varify and trust yourself.
    Why google does this is quite dumb.
    If I need to support a user in a different part of the world that is from my country like family I effectively can’t login and support them.
    I must engage in a skype/whatsapp/voice call to them and get them to access their own account and do it themselves.
    While I wouldn’t have any issue with this.
    If they are near, I will get an alert trust or not trust and confirm.
    It seems a bit of a double standard.
    As far as I know no one else does this and that does concern me a bit.
    The other is microsoft.
    While microsoft gives a lot of login options, there are 2 reasons not to bother even trying to secure microsoft anything.
    1. with the death of microsoft music and a few other services, microsoft has basically turned their account system to their apps, and devices only.
    There is almost no point to even login unless.
    1. you are on the go and are using or needing to use a chain of windows devices.
    Or cortana maybe.
    2. windows mobile.
    That flopped.
    Its doubtfull that most users will be chaining a lot of windows laptops or desktops together to use at once.
    Using a microsoft account is just dumb and stupid .
    It could have been a good thing but microsoft pulled all the features out and left us users with not much.

  2. Comment by tech date 20 October 2019 alle 10:46 (),

    In regards to passwords, I do agree with you that it is a problem. Some places require it but why? According to research, the NIST agency here in the states now says that it isn’t necessary. The National Institute of Standards and Technology now states this because it can be a problem, and it may not be more secure than leaving it alone. GRC’s Steve Gibson said on a podcast that this is a welcome change. What do you all think?

Sorry, the comment form is closed at this time.

go to sections menu


navigation menu

go to sections menu