To make it easier, we’ve published the password on front of our magazine…

Diabetes they can manage. Passwords? Not so well…

Graham Cluley

What’s the point of a password, if it’s published on the front cover of a magazine?

It seems a reasonable question, and I can’t blame GP Thinus van Rensburg for asking it on Twitter when a copy of Diabetes Management fell into his lap.

The password grants users access to the “complete, searchable archive of all Health Publishing Australia medical journals.”

Okay, it’s probably not the most sensitive information in the world as it’s an archive of medical magazine articles. But you do have to wonder why they bothered to have a password at all if they’re going to make it so public?

And just to prove the point about the err… pointlessness of the archive having a password, just visit the website and try to visit the archive.

Do you see what I see?

Let’s zoom in a bit more…

Still can’t quite read it? I’ll zoom in for the benefit of those of us in our forties…

Yup. The magazine’s online archive has (alongside its password form) a sample cover of Diabetes Management – complete with its ever-so-helpful reminder of what the right username and password are.

Hat-tip: @tvren and @isecguy.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

9 comments on “To make it easier, we’ve published the password on front of our magazine…”

    1. No you cannot – only if you manage to intercept the password reset email that goes to the email account associated to the user 'hpa'.

    2. It's especially better for ankle-biters who think they're cleverer than others when in fact they're showing the exact opposite (as well as many other things)…

  1. The key question would be, how much access does that ID give to the person using it? If it is just read access, then it is an old practice since the 70s of giving "free" access or a free copy of/to [name product] so that you get to pay for the full access under your personal ID, or in the 70s case, phone this number, say the password/code for a freebie. Seems more like an internet age version of the freebie on the cover (anyone remember the old copies of 45's on a thin piece of plastic, shaped square but stamped circular, plays on a 45/33 and a third player).

  2. This has been used as a method to stop certain search engines being able to list the library content in their search results. Old method, but works.

  3. A username/password combination also makes it significantly more challenging to scrape the website for data…granted, they could ratchet this up a few notches by simply adding a ReCaptcha.

  4. I have noticed that since your article was published, they appear to have taken the archive offline. Albeit by simply deleting the DNS record for the server.

  5. I get the point but limiting access to medical research/literature is only harmful so on the whole I don't see this as a problem.
