Originally published in The Clarion | November 28, 2012
I often wonder what it is going to take for individuals, companies and even governments to get more serious about IT security. In my daily habit of reading articles on various IT-related websites, not a day goes by without seeing at least a few articles related to some sort of security breach. Whether it is yet another Distributed Denial of Service (DDoS) attack on a large corporation or government, or something as silly as an image posted online showing someone’s login credentials hanging on the wall behind them, each and every instance somehow shows how lax the worldwide IT world continues to be. I am fully aware that I have written several articles over the years on this subject, but it seems they must continue until things shift in the right direction.
Just this morning I read an article (with pictures included) that really surprised me, although it probably shouldn’t have. It turns out that having secure passwords isn’t nearly as high a priority as I would have at least hoped. Someone did a story on Prince William of Wales, to be published on his “official website”, that included images of him sitting in an office of the Royal Air Force. Behind him, taped to the wall, was a sheet of paper with the heading “MilFlip Logon Details” (underlined and in bold font for importance), followed by a username and password. The images I saw had the details blurred out; unfortunately, they were released in all their glory before someone noticed the mistake. One can only guess that those images are spreading like wildfire across the Web. Sure, the password was changed once the “leak” became known, but that doesn’t necessarily remedy the issue. So many other factors come into play once credentials like this are published for the world to see.
Depending on an organization’s protocols for credentials, exposing an example of a username/password combination could have detrimental consequences. According to the article I read about this specific situation, the password was a very weak one. For all I know it was something like “princewill”. Regardless of the specifics, a working username/password combination, when put into the right person’s hands, could easily lead to an immediate breach of security even if the “leaked” credentials were swiftly changed. What simply amazes me is not that individuals, companies and governments use extremely weak passwords (this seems to be the norm all too often), but that folks don’t make the simple effort of memorizing their credentials, choosing to display them for seemingly anyone to see. Just for the record, writing a password down and taping it to the underside of your keyboard isn’t any better either. I’m sure some of you may have just blushed at me saying that. The principle of the situation is a very simple one. Whether you’re a basic home user, an employee of the federal government or anything in between, IT security cannot and must not be taken for granted.