Back to passwords. Again!

It looks like I cannot get away from articles about passwords, which is not really a bad thing as passwords are still fundamental to everyone’s cyber security. I often read in the cyber security technical press that cyber attacks on even the biggest organisations start with the compromise of a set of credentials, with the user giving away their password through a social engineering attack.

That is where our Cyber Security Awareness Training comes in. If your people are aware of the latest types of phishing email and social engineering attacks, they can be on their guard when these sophisticated attacks get past your technical defences.

I was talking about passwords…

Back to passwords. This article combines both cyber security and Christmas shopping – of course it is that time of year.

Diana and I were browsing in a gift shop (not something either of us does generally) when Diana came across this book in the gifts for Christmas section:

[Image: password book]

A password book – with a really useful layout inside, including the ability to track password changes.

[Image: inside the password book]

Now I have a whole article on how to store passwords in a sensible and secure way:

Back to Basics – One more thing about your passwords – Remembering them

But this did get some response from one of our clients who has a password book.

Passwords and Paper

There is an argument that having a password book which is kept securely at home or in the office is OK, because the hacker is not there in the room with the book. This is unlike an online system, where the hacker could get access to the passwords. Our client also obfuscates the information in their book, making it useful only for them – unlike the example above where everything, including redundant passwords, is laid out neatly. I have seen the book in question – I may not know usernames or services from the entries but the passwords are easy to spot. Now I can brute force these passwords, with email addresses, across all the services and see which ones work – I won’t of course.

The above two points are good when it comes to a password book, however:

  • Lose the book, lose your passwords.
  • A password book is no defence against an insider threat with a smartphone camera – either at home or in the office.
  • The passwords are only available in one place – do you take the password book with you everywhere?
  • You cannot cut and paste complicated passwords, you have to type them out every time. Human nature at this point would probably mean that the passwords will be made simpler to make typing easier.

Just one more thing…

Even the cute animal pictures do not make this password book a good geek Christmas present. However, I do have a list of excellent geek presents here.

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

Back to Basics – Passwords Mini-series

Passwords – Back to Basics

Back to Basics – The Password Part 2

Back to Basics – The Password Keyboard Walk Part 3

Back to Basics – Password Sharing Part 4

Back to Basics Your Password the Finale Part 5

Back to Basics – One more thing about your passwords Part 6

Passwords – Security Theatre Part 7

Back to Basics – Password Fatigue Part 8

Back to Basics – Passwords and Ordinary People Part 9

Featured Photo by Pixabay

Password book images www.clivecatton.co.uk