To make it easier, we’ve published the password on front of our magazine…

Graham Cluley


What’s the point of a password, if it’s published on the front cover of a magazine?

It seems a reasonable question, and I can’t blame GP Thinus van Rensburg for asking it on Twitter when a copy of Diabetes Management fell into his lap.

[Image: Magazine password]

The password grants users access to the “complete, searchable archive of all Health Publishing Australia medical journals.”

Okay, it’s probably not the most sensitive information in the world as it’s an archive of medical magazine articles. But you do have to wonder why they bothered to have a password at all if they’re going to make it so public?

And just to prove the point about the err… pointlessness of the archive having a password, just visit the website and try to visit the archive.

[Image: Hpa password]

Do you see what I see?

Let’s zoom in a bit more…

[Image: Hpa password 2]

Still can’t quite read it? I’ll zoom in for the benefit of those of us in our forties…

[Image: Hpa password zoom]

Yup. The magazine’s online archive has (alongside its password form) a sample cover of Diabetes Management – complete with its ever-so-helpful reminder of what the right username and password are.

Hat-tip: @tvren and @isecguy.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

9 Replies to “To make it easier, we’ve published the password on front of our magazine…”

    1. No you cannot – only if you manage to intercept the password reset email that goes to the email account associated to the user 'hpa'.

    2. It's especially better for ankle-biters who think they're cleverer than others when in fact they're showing the exact opposite (as well as many other things)…

  1. The key question would be, how much access does that ID give to the person using it? If it is just read access, then it is an old practice since the 70s of giving "free" access or a free copy of/to [name product] so that you get to pay for the full access under your personal ID, or in the 70s case, phone this number, say the password/code for a freebie. Seems more like an internet age version of the freebie on the cover (anyone remember the old copies of 45's on a thin piece of plastic, shaped square but stamped circular, plays on a 45/33 and a third player).

  2. This has been used as a method to stop certain search engines being able to list the library content in their search results. Old method, but works.

  3. A username/password combination also makes it significantly more challenging to scrape the website for data…granted, they could ratchet this up a few notches by simply adding a ReCaptcha.

  4. I have noticed that since your article was published, they appear to have taken the archive offline. Albeit by simply deleting the DNS record for the server.

  5. I get the point but limiting access to medical research/literature is only harmful so on the whole I don't see this as a problem.
