Password Security

While doing some helpdesk support for coworkers, I've found it unusually hard to explain to some folks why they have to keep their passwords secure.

In short, it's fine to write a password down, as long as you protect that slip of paper like you'd protect, well, other important slips of paper, like a $100 bill. Keep it in your wallet, keep your wallet with you at all times, and you're good, unless the password is much more important than any amount of money you'd ever carry.

It's not fine to write a password on a post-it note and stick it to your monitor. Other people can and will sit at your desk, can and will read the post-it notes directly in front of them, and eventually will use your password without your permission. It's also not good to hide those passwords in a drawer in your desk, because if someone then wants to log in as you, all they need to do is shuffle through your papers when you're not there.

This seems, well, trivially simple to me. If you can't remember passwords, it's OK to write them down, but not OK to write them down where other people *will* find them.

Michael Cloppert said...

The real answer, of course, is two-factor authentication... a sufficiently long pseudo-random number means a short PIN or phrase to remember, and never having to reset. Of course, good luck getting all your systems & apps to support it :-P