How close are you to your passwords?

Bob covello
Bob Covello
@

Password postit wide

We are all familiar with the problems of passwords.

There are numerous articles in journals and newspapers about the dangers of weak passwords, as well as the risks associated with reusing the same passwords for different accounts which makes it very easy for a criminal to compromise our entire digital existence if a single password is stolen.

Let’s take a moment to consider how close we are to our passwords. Many of our passwords are derived from our emotional attachments to children, pets, or favorite sports teams. But let’s also consider our physical proximity to those passwords.

Sign up to our free newsletter.
Security news, advice, and tips.

In late 2012, Lifehacker revealed some of the most common hiding places for passwords:

  • Under the keyboard.
  • Under the phone.
  • Under the mouse pad.
  • On the monitor.
  • In the top drawer.
  • Under the desk.

I doubt much has changed in the intervening three years.

Such hiding places might keep passwords safe from internet hackers, but they don’t necessarily mean that your accounts will remain private from visitors to your office desk or home.

Is your password list within reach of you right now?

Are your passwords written down and taped to your monitor, hidden under your keyboard or mouse pad, under the desk phone, in your unlocked desk drawer, or under the desk?

Practicing this method of “security through obscurity” puts both you and your company at risk of a data breach that could not only be costly, but severely damaging to its reputation. One of the more noteworthy breaches of the last few years was the Target hack, which cost the firm in excess of $290 million after network passwords were stolen from its refrigeration, heating and air conditioning subcontractor.

If you see any of your friends, family, or colleagues practicing any of these security “fails”, please take the time to help them be better stewards of their online identities.

Treat all passwords as top secret information. A password as seemingly insignificant as your home Wi-Fi password, if leaked to the wrong person, has the potential to result in identity theft.

And please, don’t make the mistake of some organisations – allowing TV crews to reveal to the world that you keep your passwords handy for any visitors to see.

A high-tech method to protect your passwords is to use a password manager, but if you have opted for the low-tech method of writing any passwords on a Post-It note, please keep them in a secured location so that unauthorized eyes cannot see them.

Some simple steps towards password security can go a long way to keeping you and your data safe.

flickr photo shared by Marcus Povey under a Creative Commons ( BY ) license


Bob Covello (@BobCovello) is a 20-year technology veteran and InfoSec analyst with a passion for security topics. He is also a volunteer for various organizations focused on advocating for and advising others about staying safe and secure online.

3 comments on “How close are you to your passwords?”

  1. David L

    Oh NO ! I have my list right next to my work station at home! I sure hope I can trust my dog when I am away. If she decides to turn traitorous and allow an intruder unfettered access, then I'm in trouble. But Pitbulls are notoriously protective. Just ask my mailman,or Grandma (-: Too bad there is not an electronic Pitbull )-:

    But seriously,good advice Bob. I would have added that every account you can initiate 2 factor sign-ins, should be done as a matter of course. And there are other security measures like hardware keys and such. Password managers have been known to have vulnerabilities too,and no software is immune as a general rule.

  2. coyote

    I fail to see how this is security through obscurity; you're not obscuring anything at all if you actually write the password down.

    In addition, security through obscurity is only a problem if used BY ITSELF. That's why there are file permissions, for example.

    Edit: Something else. Password managers aren’t always useful. Logging into the system comes to mind as one example of others.

  3. Hitoshi Anatomi

    Hiding password memos indoor is not so big a problem. It is when you are moving around away from home/office that you see the real problem.

    At the root of the password headache is the cognitive phenomena called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.

    Incidentally, biometrics are dependent on passwords registered in case of false rejection in the cyber space. So are multi-factor authentications and ID federations like password-managers and single-sign-on services. And, in a world with passwords killed dead , we have no safe sleep. Passwords will stay with us for long.

    It is too obvious, anyway, that the conventional alphanumeric password alone can no longer suffice and we urgently need a successor to it, which should be found from among the broader family of the passwords (= what we know and nobody else knows).

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.