You say I mustn’t write down my password? Let me make a note of that

My desk-side wastepaper basket is full. OK, sure, first world problems and all that, but it’s 8am and I have only just walked in to the office. Why would my bin be full? I haven’t put anything in it yet. Despite being full, this bin does not contain what an office bin is supposed to contain: there’s no half-full coffee cup, …

Silver badge

Re: When I was your age...

300 baud? Luxury!

When I started we just shouted 1s and 0s down the phone line to each other.

If someone replied "Pieces of 7" you knew it was a parroty error.

31
0
Silver badge

Re: Of course, real dinosaurs remember acoustic couplers and 300 baud

Radio Shack / Tandy had a solder-it-yourself kit for the acoustic coupler's electronics, and a pair of headphones made a good combination of microphone, loudspeaker and rest for the handset, with some tinkering. Good enough to connect a C64 to a bulletin board...

1
0
Anonymous Coward

33 1/3

You spin me right round, baby, right round.

3
0

Re: When I was your age...

Dammit Steve K. You owe me a keyboard.

0
0

Re: Auto generated passwords

<pedant>33k6!</pedant>

0
0

Generally speaking, if an attacker has access to your physical desks, you've lost already.

So maybe the problem is accidental disclosure of passwords via photos/videos on social media or otherwise... in which case passwords in a notebook should be fine.

However what appears to be needed is an office single-sign-on and integration into the services that all require separate passwords at the moment.

Let's not mention the placement of passwords and other sensitive information in standard waste paper bins rather than secure disposal units.

12
1
Anonymous Coward

We have had a global ruling in all our offices of no use of cameras of any type, including those built into phones, laptops etc.

About a couple of years ago, they decided to switch from BBs to Smart Phones, which are Android, and come with a built in camera, which we have to use for expense claims (Concur).

So doing your expenses in the office is officially breaking the rules (rules that everyone just ignores now anyway!).

In the last 6 months, we've migrated from Lotus Notes, to Office 365, including Skype for Business, and are now being encouraged to Skype people, including video, rather than phone them.

I checked; the security policy still states no cameras in the offices!

Nice to see the corporate world is in sync between departments!

20
0

Fair point about physical access. Perhaps keep the notebook in a locked drawer?

3
0

Three words...

Password Manager Application.

One password will have to rule them all so make sure it's not something obvious like your name, your pet's name, your address or your favorite sports team, etc. Don't use a cloud service; if they get cracked and/or accidentally release millions of stored accounts to the world+dog then you have to change everything.

9
0
Anonymous Coward

Re: Three words...

The types I've worked with would use it, but then write the master password for that on a piece of paper..

8
0

Re: Three more words...

Can't...fix...stupidity.

5
0
Anonymous Coward

Re: Three words...

I've used KeePass for a while now, and quite happy with it.

Uses a local encrypted DB, which you can then pop onto a pen drive, or cloud storage as you wish.

I then use Keepass2Android Offline on the phone.

0
0
Silver badge
Coat

Re: Three words...

Problem with that is our place enforces BitLocker on USB storage, itself then requiring a password to unlock...

I'd use the joke icon, except it's anything but!

1
0
TRT
Silver badge

It's Ok! I use thumbprint verification...

And as they've banned paper, electroconductive ink and gummibears from the workplace it's all hunkyd0ry.

1
0
Silver badge

Re: It's Ok! I use thumbprint verification...

They've banned paper, electroconductive ink and gummibears, but not knives...

10
0
Silver badge
Pint

I learned a valuable lesson at one site very early in my career. The techs would write down the passwords on bits of paper, then they started finding developers getting more access to things they shouldn't. Turned out the devs would turn up late, stay late to prowl Ops techs' desks looking for the "mystical keys" on scraps of paper!

At the time I bought a memory study course, studied it and learned ways to remember around 50-60 separate passwords at a time. Sadly old age is catching up with my knackered old brain and I now rely on one of those mobile phone password safes.

7
0
Silver badge

Now age has caught up with me, I can't remember the passwords from last week but I have no problem remembering ones from the 90s.

23
0
Happy

Have you thought of reusing those old passwords?

Some anyway still might work.

0
0
Trollface

Simple, change all your passwords to the ones you remember.

I am so old my passwords are TorreyCanyon, MartinLuther and DinosaursWip3dOut.

0
0

Clear desk policy

Way back in 2000 I worked for a computer company where one of the pointy haired bosses decided on the spur of the moment to implement a clear desk policy in a rather "provocative" way.

Returning one morning from an off-site meeting the previous day, I found my laptop had mysteriously disappeared.

This was the opportunity for said PHB to loudly deliver a security lecture to the whole office*, before grudgingly giving me my laptop back.

However, I guess the look I gave him was clear enough, as he didn't try that stunt with anyone else.

*nobody, but nobody, in the entire company locked their laptops away overnight, or used Kensington-type locks, because there was card-controlled access to the building, and all bags were searched on entering or leaving

3
0
Anonymous Coward

Re: Clear desk policy

Card Controlled Access I find are usually crap, they're mostly just magnets and most companies don't spend enough to cover all the doors.

So cue someone going into the office pushing a side door which should have been locked, turning a fuse off to several others and stealing a crusty old server (Brand new one above it was left???).

Anon because no one likes to talk about that here.

2
0
Silver badge
FAIL

Re: Clear desk policy

Card Controlled Access I find are usually crap, they're mostly just magnets and most companies don't spend enough to cover all the doors.

Card access and CCTV notwithstanding, a couple of years back a bunch of thieving scrotes just heaved a pavement tile through a ground-floor window, and made off with a bunch of laptops.

Most of them not being locked.

And one of those being the security manager's.

6
0
Silver badge

Re: Clear desk policy

Card access doesn't stop the insiders. We had a bunch of the old 19" CRTs that weighed in at about 75 pounds (35 kg) taken. Brand new and in the box so you know this was some years ago. A manager came in late one night to pick up something for an early off-site meeting and found the security guards loading monitors into a van.... Who watches the watchers?

3
0
Silver badge

Re: Clear desk policy

"This was the opportunity for said PHB to loudly deliver a security lecture to the whole office*, before grudgingly giving me my laptop back."

This was the point at which you should have said "So that explains it. It was running the remote server for the client demo...."

1
0
Megaphone

RTF Email

An unexpected double-meaning there, one an instruction and the other a curse!

Not just colleagues though, the problem also exists for people at whom we wish to throw copious amounts of cash as an actual paying customer, something I see from time to time to my complete empuzzlement and peed-offed-ness. And something an associate has been swearing about for weeks, apparently anything to do with building repairs only ever gets a response if you have a camera crew and/or short baldy in tow.

1
0
Silver badge
Pirate

Passwords and disaster recovery.

If it's anything important a relative or workmate etc needs to access, write down the passwords, user, email, machine, website etc. EVERYTHING.

Put it with your will or something else that will not be accessible to ne'er-do-wells, thieves, small children and will 100% turn up if you are knocked down / heart attack / stroke / randomly shot etc.

9
0
Silver badge

Re: Passwords and disaster recovery.

I did consider the fail-safe cron job / standing order to send relevant passwords / money to the right people in the event of my demise. i.e. need to reschedule the job each month to stop it sending the password file to the appropriate recipient.

2
0
Anonymous Coward

Re: Passwords and disaster recovery.

"Put it with your will or something else that will not be accessible to ne'er-do-wells, thieves, small children and will 100% turn up if you are knocked down / heart attack / stroke / randomly shot etc."

I don't know if you can really do that. After all, what if the ne'er-do-well is your spouse or kin?

0
0
FAIL

Re: Passwords and disaster recovery.

Oh yes, I remember when the power went and the generator didn't kick in .... only then did they realise that the emergency procedures and DR process were securely kept only in electronic format.

Needless to say that did not last.

4
0

Re: Passwords and disaster recovery.

generator didn't kick

Northgate's generators did them no good when Buncefield went up. In fact, they were unseated from their mounting against the Buncefield fence and ended up embedded in the building.

Never assume power is uninterruptible!

0
0
Anonymous Coward

When I worked for MOD our password system used to be the usual "At least 10 characters long, contain at least 1 uppercase, 1 number and 1 special character" and we were forced into changing them every month and it remembered the last 10 and also pattern matched looking for similarities from previous variants, so actually it was OK and reasonably user friendly.

But then...

A random password generator was thrust upon us to make us more secure: Const-vowel-const-const-vowel-const-number-Const-vowel-const-const-vowel-const-number

So (for example): baszol4fonqit6

A random security sweep a few months after it was introduced (of our clear-desk-policy area) revealed scores of post-it notes under keyboards, inside unlocked drawers, pinned to calendars (and even, in one case, written in the corner of a little used whiteboard) - when almost no infractions had been previously discovered.

I left shortly after when they also, effectively, banned Christmas (the year I left Christmas cards (which had previously been given a waiver) were included in the clear desk policy and weren't allowed to be displayed...)

Anon because I still have to work with some of my ex-employers at my new organisation.

9
0

I have fake passwords taped to the edge of my screen. I figure it might keep someone amused for a bit trying to find out why they don't work.

24
0

Yeah, it's all fun and games until they hit the max attempts and lock all of your accounts out...

0
0

Clear Desk Policy

Far from a thing of the past, is a requirement under ISO27001.

3
0
Anonymous Coward

Re: Clear Desk Policy

Isn't that in ISO 27002? I keep mixing them up :)

To be honest, I never had a problem with it at MoD. In some jobs it's simply part of the routine. Far more amusing was the regular change of dial lock codes - we had a navy cryptologist who could open these things anyway (apparently nights at sea are really boring, so he worked this out to amuse himself) :).

I rather liked dial locks. Far more interesting than the boring modern pushbutton equivalent..

5
0
Silver badge

Re: Clear Desk Policy

Isn't that in ISO 27002? I keep mixing them up :)

We're almost getting into Space Corps Directives territory here:

39436175880932/B: "All nations attending the conference are only allocated one car parking space" or

39436175880932/C: "POWs have a right to non-violent constraint" ?

7
0
Silver badge
Coat

Re: Clear Desk Policy

So, like this?

5
0
Anonymous Coward

Re: Clear Desk Policy

"we had a navy cryptologist who could open these things anyway (apparently nights at sea are really boring, so he worked this out to amuse himself)"

A former colleague once found himself stuck in a hotel for a long weekend with nothing to do except wait for a Monday morning flight..

He had a combination lock briefcase so set out to try every combination from 000 000 upwards.

He simply wanted to get an idea of how long a full brute force attack on the thing was likely to take.

4
0
Anonymous Coward

Re: Clear Desk Policy

So, like this?

Actually, I had a desk like that. All it took was some intelligent use of black 50x50mm cable ducts (conveniently sold in packs of 2m length - I use these a *LOT* to clean up cable messes) and it was usable for IT.

You do need to be careful in which mouse you use, though. I found that the Logitech "Anywhere MX" mouse works quite happily on a transparent glass surface.

1
0
Silver badge

Re: Clear Desk Policy

"So, like this?"

It reminds me of a quote from Len Deighton which goes something like "Bret's desk was like his women with shiny legs and see-through drawers".

2
0
Anonymous Coward

Civil service

Two civil servants explained how they handled their offices' clear desk policies.

The first used to put the contents of his desk top into a very large envelope. He then addressed it to himself and put it in the internal mail - to be delivered to him first thing next morning.

The other was fortunate in having been assigned an old fashioned roll-top desk. He merely closed and locked the roll-top before he left.

15
0

Re: Civil service

Absolutely! If someone wants me to have a secure desk, give me a rolltop desk. Covers all the requirements of securing laptops, PCs etc, and anything on my desk is secure.

If they don't want to get me a rolltop desk, then clearly the policy isn't that important...

There is always the option of the lockable workspace - I believe they used to be called offices...

22
0
Anonymous Coward

Re: Civil service

"There is always the option of the lockable workspace[...]"

The office did a big refurbishment of the building - including lots of small and large cupboards for security. Site Services weren't very happy when I pointed out that all the locks had visible numbers - and a very small set of different numbers covered the whole building.

5
0
Anonymous Coward

someone higher up in my I.T. dept decided to implement a "clear desk" policy by deleting without warning an unbackedup temp storage volume that was full of the rest of the I.T depts stuff. years of stuff. no warning. seriously no warning - not so much as a by-your-leave , or a casual heads up . nothing.

Please imagine the 'pissed off with flames' icon is used here

we have a tough enough job without other members of your team sabotaging your efforts

i

5
0

Really dick move. But unfortunately he had a point, and I bet it's backed up now ;)

0
0
Anonymous Coward

"[...] I.T depts stuff. years of stuff. no warning. "

We did an internal office move into newly refurbished quarters on the same site. On the Friday we left all our stuff in crates to be moved over the weekend. On unpacking we realised that all our extension cables were missing. There was apparently a new 'elf & safety policy that extension cables were now verboten - so they had all been extracted and thrown away. That didn't help us when we arrived on a customer site with monitoring kit and needed power from a distant socket.

3
0
Anonymous Coward

Mississippi

I once had a young American chap working for me and from time to time he needed to man the phones and perform password resets. For reasons that escape me he decided to reset one password to Mississippi but with each occurrence of "i" replaced with "1" and each of the "s" characters replaced with a "5". Rather than spelling it out letter by letter he simply told the poor lass on the other end of the phone what he had done. After a fruitless half hour on the phone with multiple attempts getting her to login it became apparent that she did not know how to spell Mississippi ...... and neither did he.

14
0
Anonymous Coward

Re: Mississippi

"[...] it became apparent that she did not know how to spell Mississippi [...]"

In England in the 1950s there was a children's rhyme, possibly for skipping, that went "Missus M Missus I Missus SSI - Missus S Missus S Missus IPPI".

0
0
Silver badge

Re: Mississippi

>Mario Voice<

Emma come-a first.

I come-a next.

Then two assa come-a together.

I come-a again.

Two assa come-a together one more time.

I come-a once-a more.

Pee-a twice.

I come-a once more time in the end.

Anna thatsa how you spell-a Mississippi!

3
0
Silver badge
Joke

One small niggling concern about the clear-e-desk policy proposed - how does one arrange emails in a square fashion?!?

10
0


Biting the hand that feeds IT © 1998–2018