Getting organized might make you less secure?
Posted by jkouns
Tonight I went shopping with my wife as she wanted to purchase a new 2007 day planner. She was looking through all kinds of different types and really could not make her mind up about which one was the best. Finally, I decided to start looking at them as well so I could help her pick one out. I grabbed this pink leather Franklin Covey planner and started flipping through the pages. It had all of the typical things that you expect in an organizer. It also had random pages for you to write down your important contacts, birthdays, phone numbers, notes… and passwords! There was a full page included with this planner for you to write down and help you organize your account names and passwords.
With computers and the Internet becoming so mainstream it makes sense why things like this are starting to be introduced into everyday products. However, it drives me nuts– it goes back to the on-going security awareness debate and determining how much effort you put into training people not to write down their passwords, etc. It is hard enough to get most people to think about security but it makes it even worse when companies produce products that encourage people to be insecure!
I can see it now….. people stealing day planners to get usernames and passwords.
It’s not pink leather, but you could buy her one of these and save some cash:
“Spiralbound book helps keep track of log-in IDs and passwords for Internet sites or password-protected systems. No more lost scraps or notes scribbled on the back of business cards. The cover flips back for easy writing in the office or on the road. The book features enough 20 lb. heavyweight sheets to keep track of 24 password-protected systems for a year.”
http://www.shoplet.com/office/db/TOP21669.html
you make it sound like writing down passwords is bad security but even bruce schneier recommends writing them down (specifically to write them down on a small slip of paper and stick them in your wallet)…
it does CHANGE the security properties to be more comparable to token based systems, but it doesn’t necessarily make the system less secure…
This is an interesting situation. While I don’t necessarily recommend writing down your passwords, I can see both sides of the issue. Realistically if someone stole my dayplanner and it had passwords in it. Would they know what those password went to? Would they have time to get the information regarding the password resources before I realized my planner was gone and/or missing and I changed my passwords?
Personally I think it is still debatable as to whether or not you should recommend writing passwords down at all. Regardless, there is a huge difference between having passwords stored in your wallet and an organizer. Most people keep their wallets with them at all times and it can be argued that passwords would be secure. Let me know when that type of protection is applied to trapper keepers…..
This particular organizer had it so you were supposed to write down the account it was for and the password.