Commentary
9/3/2010
10:35 PM
Keith Ferrell

Looking For A Password? Look Under A Keyboard

How many of your employees are keeping passwords, log-ins and other information on sticky notes under their keyboards? Easy enough to find out.

There's a great 1938 Sammy Fain/Irving Kahal standard called "I'll Be Seeing You," whose most haunting lyric includes the words "In all the old familiar places." (Nice Sinatra/Tommy Dorsey version here.)

Want to see the "old familiar places" for passwords and other sensitive information in your employees' workspaces? Take a look under their keyboards.

And on the backs of monitors, the bottoms of desk drawers, inside the drawers themselves, pretty much anywhere that sensitive information can be "hidden in plain sight."

Time to take a password-focused look around the workplace.

Don't be surprised at what you find. I was in a small business recently and passed a work cubicle which was notable for its neatness, orderliness... and the 3-ring notebook whose spine bore the printed label PASSWORDS, ETC.

None of this is new, of course. Right in the middle of a good 2002 Symantec piece on passwords you'll find this:

"...exercise extreme caution when writing down or storing passwords. Stories of hackers obtaining passwords through shoulder-surfing and dumpster diving are not urban myths, they are real. Users should resist the temptation to write down passwords on Post-It notes stuck to their monitors or hidden under their keyboards."

Passing time doesn't dim the appeal of those "old familiar places," though. Nor, evidently, does security professionalism. A few years ago security firm Cyber-Ark surveyed a couple of hundred IT professionals, and in the course of finding out just how much snooping they were doing into employees' private files (lots), they found out just how many security pros in their survey base were writing passwords on Post-its. Answer: also lots.

As Cyber-Ark reported: "More than half of people still keep their passwords on a Post-it note, in spite of all the education and reminders to do differently. What's shocking about this year's annual survey was that the 50% number now applies to IT Professionals as well!" (The passwords the pros Post-it-ized included administrative passwords, as well as individual ones.)

Not that the sticky note approach doesn't have its adherents.

Last year, F-Secure blogger Sean Sullivan made a strong case for writing strong passwords down, and for writing them down on Post-its. The trick was that you don't write the whole password down. Read about this approach in detail here.

The post closed with a familiar refrain:

"Don't put the Post-it on your monitor! And not on the underside of your keyboard either… everyone's familiar with that location too."

But Sullivan also had some solid advice on where to store the written password: your wallet.

Think about it: people keep things in their wallets that they really care about protecting, however they feel about their passwords. Good tip, worth passing along.

Take a look around your workplace's "old familiar places" sometime soon. Just don't be surprised at what you find there.
