Comments on: Why Bother Giving Password Advice?

By: DavidScott

DavidScott — Thu, 13 May 2010 17:04:32 +0000

Ken: Great post and good points. I’ve also had security advice discounted, even in paying environments. They’ll learn (the hard way). Here’s a “workaround” for the password-challenged – I don’t endorse it particularly, and just tell people about it anecdotally (as there is a liability). The trick is to create a “dummy” Contact in MS-Outlook (or similar e-mail system), and simply put passwords in the notes section of the Contact. It’s true, of course, that if anyone breaches your e-mail account in that circumstance, they’d corral all of your passwords – but at least the passwords are in a password protected zone (MS-Outlook, or some other contact/e-mail system), AND, a person breaching would have to be perusing ALL of your Contacts in order to stumble on the password cache – very unlikely, as they’re motivation would likely be to breach the e-mail, and read that.

Of course – for the truly hapless – they COULD forget their e-mail password…

By: The Geek

The Geek — Wed, 12 May 2010 15:02:15 +0000

Labnuke, thanks for your comment and the link. That’s a very handy tool and I’m going to show it to him when we meet today. In fact, I’m going to put you on the blogroll and post a mention to your article over at Ask the Geek.

Yogi, you’re so right. I just tend to get frustrated at times. Thanks for your comment!

Cheers!
Ken

By: Labnuke99

Labnuke99 — Wed, 12 May 2010 13:26:48 +0000

Here’s an option for your client. [A href="http://itknowledgeexchange.techtarget.com/it-trenches/a-password-reminder-to-carry-with-you"]PasswordCard[/A]. Maybe he could remember a symbol and a color – he could even just write down the symbol and remember the color.Not foolproof by any means, but better than full password being written on a sheet of paper.

By: Yogi

Yogi — Wed, 12 May 2010 05:49:49 +0000

It won’t register until someone steals his wallet and swipes his credit card for as much as they can get. Then your client will be angry and upset at THAT security breach. For some people (OK, probably most people), a security breach doesn’t seem to really sink in until it hits “close to home”. In other words, personal. And no matter how much we may advise them, people will generally tend to do what is easier and/or faster. And it doesn’t necessarily mean that your opinion wasn’t valued. Whether they follow it or not, they now have the knowledge to increase their security if they so desire (which it sounds like they won’t).

I usually liken those scenarios to those where parents leave money out in the open when their kids’ friends come visit just to see if they can trust the teenagers who come into their house. If the money is untouched, the kids are allowed back; if the money is gone, they don’t get invited back.