Feed Sign in with OpenID OpenID

Simon Willison’s Weblog

High security is low security

Via Crypto-Gram, a great piece from Bruce Tognazzini about how tough security measures can actively reduce the security of a system:

My wife, the Doctor, was working over the summer at a local hospital. They are fiercely into security, requiring no fewer than four sets of passwords to navigate their system. And why not? There are confidential patient records on those systems! By golly, they ought to have eight sets of passwords, and really make things secure!

So works the mind of a D’ohLTish security engineer, working feverishly away in his cubicle in the basement next to the steam plant.

Take him out for a walk. Let him see the sunshine for the first time in years. Introduce him to some normal human beings. Be gentle at first; these are creatures with whom he has had no contact since being sucked into the depths of the university system.

Then, when his pallor begins to fade and he begins to take on signs of socialization, take him into the offices in the hospital and let him see the four sets of user names and password clinging to the monitors on yellow stickies (e. g., Post-It Notes) or, for the more security-minded, slid into the top drawer where no one would think to look.

Posted 15th November 2003 at 9:14 pm

This is High security is low security by Simon Willison, posted on 15th November 2003.

Tagged , ,

View blog reactions

Next: Linux on the desktop at IBM

Previous: Analysing methodologies

7 comments

  1. Where I work we're forced to change passwords every few weeks. I've been seriously wondering if this is good for security or not: it seems to lead to people using seriously weak passwords but append a digit or two. I would have thought forcing people to use a strong password and never making them changing it (or at least not reguarly) would be much, much better for security. But then again when people share logins and sometimes never logout, who cares?

    Tom Gilder - 16th November 2003 08:43 - #

  2. The comedy I found in a certain company's password system was that certain applications shared a common password, but then there were other "higher security" apps that had to have a separate password. They all expired after x days so you had to reset them and couldn't use the same one over and over.

    The net result? Every time one password expires, everyone goes through and changes absolutely all their passwords to the same thing they just changed the one that expired to. Also, because it expires fairly frequently and often without prior warning, this single password is often extremely simple ... because if you're forced to think of something new when you really need to get into your desktop to get your email/do a presentation/look like you're working then it's hardly going to be the most secure thing in the world.

    Humans are the weak link. And anyone attacking a system is likely to exploit that

    Meri - 16th November 2003 10:06 - #

  3. We used to force pepole to change passwords every few weeks (and make it complex), but then we discovered that they can't remember it and just using notes, writing it on the table and on the Screen! Today our workers are only forced to change password every 6 month.

    Gabby - 17th November 2003 00:34 - #

  4. Strangely enough, although I do subscribe, Crypto-Gram only dropped into my Inbox today, and I haven't read it yet.

    Your piece gave me a good laugh, and reminded me faintly of this, which I just caught up on via Dinodium:

    Anyone who has ever been 15 years old knows that protestations of love, checksummed or no, are not to be taken at face value.

    Michael - 17th November 2003 21:10 - #

  5. On a similar note, a book you might want to read (if you haven't yet) is "The Cuckoo's Egg" by Cliff Stoll. It's a great read.

    Mili - 17th November 2003 22:45 - #

  6. An interesting read at ibm.com, it seems theres never a right solution to security. http://www-106.ibm.com/developerworks/security/lib rary/s-link.html?dwzone=security http://www-106.ibm.com/developerworks/security/lib rary/s-fail.html http://www-106.ibm.com/developerworks/security/lib rary/s-priv.html http://www-106.ibm.com/developerworks/security/lib rary/s-simp.html

    Andrew - 21st November 2003 09:33 - #

  7. We went through a similar situation when the company I used to work for outsourced their network support to a large vendor. The initial policy that the vendor enforced was to expire passwords every 30 days. As an added 'security' measure, passwords couldn't be reused for 12 months. Within a few months password post-it notes appeared on monitors everywhere in the complex. If you didn't see a post-it attached to the monitor, it was a sure bet that you'd find it on the underside of the keyboard.

    Scott - 21st November 2003 20:19 - #

Comments are closed.

Previously hosted at http://simon.incutio.com/archive/2003/11/15/highlow

A django site