Secret Santa Fail

Password Book

The January blues are in full flow around the nation and not only am I in a grump but I’m being massively ungrateful to boot!

Allow me to explain. This year, we moved to lovely new serviced offices and, to prove that I’m not always in a crank, we participated in Secret Santa with the other companies who share office space here. Of course, I went all out (if you know, you know!) and in return I was given some chocolates and a notebook. Now, I love chocolate and I can never have enough notepads as I try and make contemporaneous notes wherever I am, so why the ungracious acceptance?

I’m prepared to overlook the Leeds United colours on the book (white, blue, yellow) as it was actually quite tasteful; what I have taken umbrage with is the contents and its purpose.

The book itself is entitled “Password Book” and when you open it, each page is sectioned with “name/website”, “username” and “password”. This encourages you to keep everything in one place, which is, of course, extremely poor security practice.

I can hear the password management vendors tapping their keyboards in anger as I type this. Now, I’m not saying that keeping your passwords in one place is necessarily a bad idea. I mean, who can remember all of their passwords? Especially complicated strong passwords?

What I am saying is be sensible about how you do this. For example, if I write my passwords into my Christmas gift, all I have to protect these with are my 12oz Cleto Reyes, and what do I do if I leave it on the LNER service from King’s Cross?

There is a plethora of digital password managers available and these are infinitely better! As you’d expect, this technology offers the latest, greatest and highest level of encryption, thus safeguarding your most important data. However, I won’t get into the intricacies of password managers as that is not the purpose of this blog post; plus, I wouldn’t want to discredit any provider by missing out salient information about their product.

Ultimately, the purpose of this post is to highlight that even in 2020 people do not have the hindsight (had to get a vision gag in) to see why this is a poor idea. As we move forwards to a safer digital experience, we must start to understand that the weakest link is always the human and a breach will occur because of human error. Security must be ingrained into the very culture of a business and it should be revisited regularly to ensure that this is being maintained.

Our security consultants are happy to discuss how to implement a reliable programme in line with industry best practices, compliance standards and the shifting threat landscape. If you’re lucky, they’ll also give you some great tips on what to get me for my birthday in February so you stay out of one of my blogs! 

Happy new year one and all.