As I walk down the corridor at work, they beckon to me more than the cute pictures of your kids taped to the side of your monitor. Maybe that’s because of the bright fluorescent stickies you write them on, or maybe it’s the highlight marker you’ve used to accent them so nicely. Whatever the case, I feel like I should be saying, “Oh man Bob, you’ve got a killer one ’soweho886′. Awesome dude, I could never remember that either.” or maybe “You’ve got to be kidding me, they expect you to remember that?”
In a recent visit to a state run facility, I saw a laptop issued to government personnel with not one, but two stickies full of logins and passwords. These passwords weren’t your ordinary “dog” or [insert wife’s birthday here] passwords. These were strong passwords obviously issued by a sensible systems administrator or randomly generated passwords.
The two stickies contained the logins and passwords of, whom I suppose, are the three regular users of the laptop. This particular laptop had access to a massive database of thousands of people with social security numbers, bank account and employer information and, (*ahemm* *cough-cough*), lots of other information you might associate with child support cases.
You might not think you’re important. You’re probably not. You probably don’t have user access permissions that could disable an entire system. But ask yourself, “Why did they give you a password in the first place?”
Subscribe to cubicle
This literally drives me bat****…
If I saw this at my workplace (I’m the IT manager), I would lock their accounts immediately and force them to call the helpdesk to get a case number, which is then routed to me here locally, and then make them wait until I determine some wacked-out password they will never remember, and forbid them to write it down again. They can change their passwords at will, the policy isn’t really strict, but for god sakes, don’t leave it out for everyone to get hold of…
Amen.
I used to work IT for a company who sent visiting staff (nurses, therapists, health aides, etc) into homes of people, and I swear, at least 4-5 out of every 10 laptops I would work on had the password not just sticked, but straight-up taped to the laptop… that is, it was COATED IN TAPE (you know, so it won’t wear out, causing you to have to go through all the tremendous and awful horror of writing it down on ANOTHER paper and taping it again - gasp!). And these passwords were typically 4-digit numbers (ATM pin numbers, anyone?). When we FINALLY got approved to enforce a strong password policy, I’d say about 9 out of 10 laptops had adopted this convenient little method of “remembering” passwords.
These were laptops that contained people’s health care information and spent most of their time either in strangers’ houses or in employees’ cars (we can only hope they locked their doors).
Sub1ime14 on July 3rd, 2007 at 8:40 am | Link
I get tempted to type them in
Lawrence on February 4th, 2008 at 9:37 pm | Link