Feeds

back to article Japan airport staff dash to replace passcodes after security cock-up

The dangers of writing passwords down on paper were laid bare in the Japanese airport of Haneda this week after a member of staff managed to lose a note containing key security codes ahead of US president Barack Obama’s arrival today. The unlucky Skymark Airlines employee dropped the memo – which contained a list of the codes – …

COMMENTS

This topic is closed for new posts.
Silver badge
Facepalm

And someone "dropped it"... <facepalm>

1
0
Silver badge
Trollface

"You idiot, that's not what 'dead drop' means!!!"

0
0
Silver badge

It's amazing how far some companies will go to enhance security, without spending a single dollar, (or yen in this case) on the weakest part of the security link. Their humans.

1
0
Bronze badge
FAIL

Epic fail

Notes containing passcodes are supposed to be stuck to the bottom of ones keyboard!

7
0
Bronze badge

Re: Epic fail

Notes containing passcodes are supposed to be stuck to the bottom of ones keyboard!

You have obviously never managed a helpdesk. Do you have any idea of the call volumes from people who have forgotten that their password cribsheet is underneath the keyboard after a bank holiday weekend? Best practice remains to stick the post-it to the monitor bezel. If security is critical, the post-it may be applied to a flat surface and obscured with a gonk.

6
0
Bronze badge
Happy

Re: Epic fail

"You have obviously never managed a helpdesk."

And for that I shall be eternally grateful.

6
0
Bronze badge
Mushroom

Re: Epic fail

and panic when the PFY replaces your machine by surprise whilst away from your desk.

1
0
Silver badge

Re: Epic fail

Yes, the HUAGA* method has been deployed for over thirty years with no reported breaches, or at least, none that were important.

* - Hidden Under A Gonk's Arse

0
0
Bronze badge

Please tell me

you're not going to copy the BBC.

"Japan airport staff dash to replace passcodes after security cock-up", why not "Japanese airport staff dash to replace passcodes after security cock-up"?

0
1
Bronze badge
Headmaster

Re: Please tell me

> "Japan airport staff...", why not "Japanese airport staff..."?

"Japan airport staff" implies staff at a Japanese airport.

"Japanese airport staff" implies airport staff anywhere who are of Japanese origin.

Better overall to say "Staff at Japanese airport..."

5
0
Silver badge

With biometrics being too unereliable / easily spoofable / invitation to digital amputation (delete as appropriate), passwords / passcodes still offer the best combination of easy/cheap/secure for electronic access. Although 'cheap' doesn't seem so cheap after you quantify in any potential losses due to security breaches. You get what you pay for.

In this case, since it's physical access, what's wrong with plain old keys?

0
0
Anonymous Coward

The sheer number of keys you would have to produce, distribute and control?

Multiply this by the number of times you would have to re-issue them in the the event of a breach and the effort in changing all the physical locks.

3
0
Bronze badge

"what's wrong with plain old keys?"

This is Japan we're talking about. If it doesn't operate by pressing a touchscreen, a keypad or falling out of a vending machine (sometimes AFTER pressing a touchscreen or keypad), it's simply not done.

3
0
Anonymous Coward

"In this case, since it's physical access, what's wrong with plain old keys?"

Volume. And if you drop it someone can pick it up and use it. With a combination you can't drop something you know. Unless you have a half dozen to remember and have to write them down...

Seems the most appropriate solution is 2-factor security - a swipe/RFID card, which is your physical key and means person x can only access those areas they have authority for, in conjunction with a single individual PIN*, such that a dropped card on it's own is useless.

If someone loses their card you only have to disable that card, not reissue cards to everyone else as you would with a physical key (and change the physical locks). Presumably all the staff have ID cards anyway, to prevent someone just telling a mate the codes so they can pop in for a gander at Obama...

Of course someone could give their card to a 3rd party and divulge their PIN, but that's the same risk as them telling a 3rd party the codes or handing over a key/cutting unauthorised copies.

Next step up from that is a security guard checking the photo on the card against the bearer and the reference photo in the database on a terminal, but that'd be overkill for all bar the most sensitive areas.

*Or fingerprint/palm/Iris scanner if you want to go all Mission Impossible, but you could probably recover the fingerprint off a dropped card, so still a risk until the card is reported missing and privileges revoked.

0
0

@AC

There may be a huge number of keys in addition to keypads. Do you have insight there?

0
0
Bronze badge
Linux

unit...

Did anyone else have a flashback from a scene from The Unit....?

"Password of the day is snowcone...."

P.

0
0
Silver badge

Re: unit...

I was flashing back to the Wizard of ID:

Rodney, to guards: Tonight's password is "I Don't Know".

Next day:

King: Good grief! The courtyard is full of Huns. How did this happen?

Rodney: "I don't know"

1
0
Anonymous Coward

sadly

it takes the visit of one of the Ruling Elite before anyone does anything about security.

Anytime before or after it's kids jumping fences and riding in wheelwells.

0
0

And

Just when we hear that Sarah Palin has escaped from Azkaban...

0
0
This topic is closed for new posts.