Posted by: Ken Harthun
Opinion, Password, Security, security awareness, Security Faux Pas
I’m miffed. I went to visit one of my clients yesterday – one that I’ve carefully educated in password selection and security – and saw a sticky note on the wall with all his passwords written down on it. I asked him why. He just went on and told me that it was just too much trouble to think about mnemonics, password encoding systems, etc. I said that at least he could put that sticky note on the bottom of his keyboard where it was less obvious. He said it didn’t matter; whomever wanted his passwords would find them there anyway.
I won’t tell you this client’s profession; if I did, you’d be shocked. Let’s just say that a member of the cleaning crew could use information obtained through illegal use of my client’s passwords to do some real damage. And don’t think that a determined hacker would find it beneath him- or herself to take a job as a custodian if there was profit in the offing.
Why bother? Well, here’s the thing: I have all of my advice in writing in the form of emails with training materials attached to them. If my client ever gets hacked, I’m not liable for the consequences of any breach. I told them so. If they chose to ignore my advice, so be it. I did my job.
But I’m still miffed; I thought my opinion was valued.
What would you think?