The flipside of too much security

I just typed my password into a google search.

That was accidental; I run a multitude of different operating systems across a number of different hardware and virtual platforms.  Some of the places I’m required to enter passwords save them securely for me (for example, my corporate VPN client), others I use a password manager in the browser.  But sometimes I still have to enter them manually.

I like my bank – it uses _parts_ of my password so I never inadvertently type it anywhere.  However this entering of my password in Google happened because of a couple of things: being eternally vigilante throughout the day does not equate to having to enter a password multiple times, and screen blanking versus screen locking.  In the case in question one of my laptops went blank screen to powersave, I then started typing my unlock password (which is mandated changed every 90 days) and pressed enter, only to find that the screen had blanked but not locked.  Of course I can alter this so that when it blanks it also locks, but my point is that constantly entering passwords is counterproductive and some sort of presence (RFID? geo-fencing?) is more applicable than the simple you-have-not-touched-the-keyboard time out, and is probably better for security control.

And don’t get me on to the mis-handled SSO tokens, constant re-entry of passwords throughout the day as I use corporate internal websites!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s