[Discuss] A Little OT: The Password Post-It
Kyle Leslie
fbxxkl at gmail.com
Wed Apr 18 11:53:54 EDT 2012
KeePass... it saved my life.
Seriously though, I have suggested it to a few grandparents/parents. They
love it.
May need a little help setting it up but otherwise it's great from there.
On Wed, Apr 18, 2012 at 11:45 AM, Chris O'Connell <omegahalo at gmail.com> wrote:
> Greetings All,
>
> I've noticed that some of my users have been writing their passwords on
> post-its and leaving them all over the place. Our office has a Written
> Information Security Policy that each user signed, stating that passwords
> are not to be written down and stored in plain sight. Management at my
> company isn't interested in disciplining anyone regarding these violations.
>
> As some of my users are in their late 70s and late 80s, I kind of
> understand the need to write passwords down. However, some of my other
> users are just plain dumb and complain all day about how many passwords
> they have to remember and how hard their lives are as a result. One
> particularly whiny person can't remember the four digit alarm code that she
> uses every day to get into our building. As a result she has written it on
> the back of her business card and leaves it in her cell phone case.
>
> I've come to realize that making things "more secure" is actually making
> our information systems less secure. Further, adding levels of
> security is making the computer using experience at my organization more
> challenging for the already technically challenged. For example, enabling
> password complexity requirements just makes things harder for people to
> remember. The result is more passwords written on post-its.
>
> I think we, as IT professionals, have to acknowledge that not all of our
> users are as savvy as we are. Not everyone is going to be capable of keeping
> their passwords straight.
>
> Perhaps the solution is to make things easier for our end users. I'm
> thinking now that I should install a single-sign-on software on all
> workstations. Once a user logs in they will never have to enter a password
> again (after the initial setup at least). On its face, this may seem like
> a terrible solution. I'm thinking though that this might actually make
> things more secure as users will not be confused by multiple passwords.
> Hopefully, this will result in less post-it-passwords.
>
> I can then thoroughly secure the workstations by deploying Bitlocker and
> forcing the screens to lock after a certain period of inactivity. By
> securing the workstation I'm not noticeably inconveniencing users. This is
> a bit of give-and-take, but a possible win-win.
>
> I'm wondering if anyone else has had similar troubles in the past. Any
> creative solutions? I've recommended terminating at least one person here,
> but I think my boss thought I was kidding ;-)
>
> --
> Chris O'Connell
> http://outlookoutbox.blogspot.com