How close are you to your passwords?

We are all familiar with the problems of passwords.

There are numerous articles in journals and newspapers about the dangers of weak passwords, as well as the risks of reusing the same password for different accounts, which makes it very easy for a criminal to compromise our entire digital existence if a single password is stolen.

Let's take a moment to consider how close we are to our passwords. Many of our passwords are derived from our emotional attachments to children, pets, or favorite sports teams. But let's also consider our physical proximity to those passwords.

In late 2012, Lifehacker revealed some of the most common hiding places for passwords:

  • Under the keyboard.
  • Under the phone.
  • Under the mouse pad.
  • On the monitor.
  • In the top drawer.
  • Under the desk.

I doubt much has changed in the intervening three years.

Such hiding places might keep passwords safe from internet hackers, but they don't necessarily mean that your accounts will remain private from visitors to your office desk or home.

Is your password list within reach of you right now?

Are your passwords written down and taped to your monitor, hidden under your keyboard or mouse pad, under the desk phone, in your unlocked desk drawer, or under the desk?

Practicing this method of "security through obscurity" puts both you and your company at risk of a data breach that could not only be costly, but severely damaging to its reputation. One of the more noteworthy breaches of the last few years was the Target hack, which cost the firm in excess of $290 million after network passwords were stolen from its refrigeration, heating and air conditioning subcontractor.

If you see any of your friends, family, or colleagues practicing any of these security “fails”, please take the time to help them be better stewards of their online identities.

Treat all passwords as top secret information. A password as seemingly insignificant as your home Wi-Fi password, if leaked to the wrong person, has the potential to result in identity theft.

And please, don't make the mistake of some organisations - allowing TV crews to reveal to the world that you keep your passwords handy for any visitors to see.

A high-tech method to protect your passwords is to use a password manager, but if you have opted for the low-tech method of writing any passwords on a Post-It note, please keep them in a secured location so that unauthorized eyes cannot see them.

Some simple steps towards password security can go a long way to keeping you and your data safe.

flickr photo shared by Marcus Povey under a Creative Commons ( BY ) license

3 Responses

  1. David L

    December 9, 2015 at 5:04 pm #

    Oh NO! I have my list right next to my work station at home! I sure hope I can trust my dog when I am away. If she decides to turn traitorous and allow an intruder unfettered access, then I'm in trouble. But Pitbulls are notoriously protective. Just ask my mailman, or Grandma (-: Too bad there is not an electronic Pitbull )-:

    But seriously, good advice Bob. I would have added that every account you can initiate 2 factor sign-ins, should be done as a matter of course. And there are other security measures like hardware keys and such. Password managers have been known to have vulnerabilities too, and no software is immune as a general rule.

  2. coyote

    December 9, 2015 at 8:12 pm #

    I fail to see how this is security through obscurity; you're not obscuring anything at all if you actually write the password down.

    In addition, security through obscurity is only a problem if used BY ITSELF. That's why there are file permissions, for example.

    Edit: Something else. Password managers aren’t always useful. Logging into the system comes to mind as one example of others.

  3. Hitoshi Anatomi

    December 13, 2015 at 2:48 am #

    Hiding password memos indoors is not so big a problem. It is when you are moving around away from home/office that you see the real problem.

    At the root of the password headache is the cognitive phenomenon called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.

    Incidentally, biometrics are dependent on passwords registered in case of false rejection in the cyber space. So are multi-factor authentications and ID federations like password-managers and single-sign-on services. And, in a world with passwords killed dead, we have no safe sleep. Passwords will stay with us for long.

    It is too obvious, anyway, that the conventional alphanumeric password alone can no longer suffice and we urgently need a successor to it, which should be found from among the broader family of the passwords (= what we know and nobody else knows).
