On Passwords
I commonly think of myself as someone who has the security mindset. Someone who is aware of the security risks around him. Recently I borrowed an ADSL modem/router from work, since my provider was taking their sweet time delivering mine. I used this borrowed equipment for about a month, and then yesterday, I put my own stuff together, router, modem and wifi, and today I returned the stuff that I had borrowed from the office. As I'm handing the stuff back to my colleague, he asks me "so, did you reset your password?". My mind froze. Of course I had not reset my password, it hadn't even occurred to me to do so. Not because I had some reason to not reset my password, as I trust my co-workers, but I had just not thought about it. I realized, then, that the security mindset I operate is clearly not as tuned as it should be. Granted, I doubt anyone here would do something with my password, but that's not the problem. Just the fact that it remains on the device, should it become available to someone else, is the problem. Luckily, I'm not the only one to make such snafus, however.
As I leave, he tells me "don't worry, I'll reset it for you"...
As I leave, he tells me "don't worry, I'll reset it for you"...
Labels: bruce schneier, computers, security