Comments on: What’s The Password?

By: Kathleen

Kathleen — Mon, 30 Jul 2007 20:29:09 +0000

The thing about all this security is that, for the most part, I don’t have a lot to protect. The reason why most of us can’t find a perfect place in our brains to memorize fifteen different passwords is because all anyone is going to get access to on our work computers is audience mail (maybe), a bunch of corporate memos, and the meaningless (to anyone else) back-and-forth that makes up my job. Financial info, yeah, it’s worth protecting and I’m happy for that kind of security. My e-mail, I don’t see the point. I suppose if you can get into my e-mail, the logic is you can work your way back to something that’s really important if you wanted to take the trouble. I imagine most people would rather hack into a bank or a government department.

By: mike

mike — Fri, 13 Jul 2007 21:47:08 +0000

As I was saying about the Vancouver phone password before being rudely interrupted:

I and other people were told to keep the default password to make it easier to job share.

By: mike

mike — Fri, 13 Jul 2007 18:06:21 +0000

>>Even today, at least in Vancouver, there’s a simple default password for everyone’s voicemail box

By: Kev

Kev — Thu, 12 Jul 2007 21:52:24 +0000

I can remember maybe 5 randomly-generated passwords (the only kind worth having). If using an encrypted db with a ridiculously long passphrase means I can have 30 or 40 random passwords, thereby eliminating the crudest of attacks, that’s a decent tradeoff. Unfortunately security is all about tradeoffs.

By: DAVE

DAVE — Thu, 12 Jul 2007 17:37:45 +0000

Shouldn’t users be tasked with remembering their own user names and passwords? Like I told the lawyer in charge of security at the bank after I took over his computer in front of his very eyes… security is an illusion.

Why is it my friend was able to take over a hydro-electric damn with his laptop from inside the hydro network is beyond me. So storing passwords in a DB makes me nervous, just my 2 ¢.

By: Tod Maffin

Tod Maffin — Thu, 12 Jul 2007 16:48:11 +0000

Even today, at least in Vancouver, there’s a simple default password for everyone’s voicemail box (no I won’t reveal it here). Not many people change it from the default. If you know the “secret”, you can listen to lots of people’s voicemails.

By: Tod Maffin

Tod Maffin — Thu, 12 Jul 2007 16:47:11 +0000

Oh, one more thing. When I was producing for DNTO, I did a piece on how easy it was to hack systems. I hired a “white hat hacker” to try to hack into CBC’s content management system.

He did it in ten minutes.

Username: remote
Password: control

We could have changed the front news page of cbc.ca if we wanted to. (Don’t think I wasn’t tempted!)

And this, my friends, is why strong passwords (with uppercase letters, numbers, and symbols) is important.

By: Blake

Blake — Thu, 12 Jul 2007 15:22:11 +0000

Having to memorize over 30 usernames and passwords is just not possible. Plus with the employee churn rate we have here, it would be impossible to remember a new set of over 30 usernames and passwords each time an employee leaves.

Tod replies: Back when the Roundup was on the air, the password to the show was username: roundup , password: sadgoat. "Sad goat" was a common theme on the show. Pretty much ANYONE could have had access to all the show's emails and stuff, even from the outside world. Oddly, since it was such an easy one to guess, I guess nobody even bothered to try it!

By: Michael Tyas

Michael Tyas — Wed, 11 Jul 2007 04:44:28 +0000

Soo….what’s the password again?

By: DAVE

DAVE — Tue, 10 Jul 2007 16:45:34 +0000

Hmmmm that’s insane and goes against all notions of security as I understand it. Passwords should be memorized only, never written down anywhere, analogue or digital. Users are already dumb enough to give me their passwords to bank transaction software without even checking who I am over the phone, having passwords stored somewhere sounds deeply wacky to me.