Oh pshaw. Sticky notes are not very green. The bottom of the keyboard takes care of that.
I remember horrifying a user by looking underneath. What was funny; she wrote it in silver ink as the keyboard was black. From: Jonathan Link [mailto:[email protected]] Sent: Friday, March 16, 2012 10:21 AM To: NT System Admin Issues Subject: Re: Worth some consideration... Uh, yeah they are, if they're not stored in a secure place. Sticky notes, by design, are meant to be placed somewhere convenient to the user, which, to me, suggests somewhere out in the open. That's completely different from a sheet of paper containing some common passwords necessary to certain functions being in a locked file cabinet, with a limited set of users of said file cabinet having keys. So writing passwords down isn't necessarily bad, based on where the data is actually stored and how it is secured. Writing on a sticky note suggests that the data isn't well secured, and that storage is accessible to someone who can easily see the contents of your work area. Do you have external cleaning staff? Or heck, even internal after hours cleaning staff? How can you be sure that the password hasn't been used by them? On Fri, Mar 16, 2012 at 11:58 AM, Crawford, Scott <[email protected]<mailto:[email protected]>> wrote: Agreed. Just pointing out that in an office with doors and walls and other various physical security measures, sticky note passwords aren't *necessarily* as horrible an idea as we like to joke about. Sent from my Windows Phone ________________________________ From: Andrew S. Baker Sent: 3/15/2012 5:26 PM To: NT System Admin Issues Subject: Re: Worth some consideration... I'd rather not accept a false dilemma. There is no reason to have either of the options presented, as both are bad. ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Thu, Mar 15, 2012 at 2:49 PM, Crawford, Scott <[email protected]<mailto:[email protected]>> wrote: I'd rather have "good" passwords written down on a sticky note accessible only to a limited number of coworkers than "bad" passwords that can be exploited by any black-hat on the internet. Sent from my Windows Phone ________________________________ From: Heaton, Joseph@DFG Sent: 3/15/2012 11:07 AM To: NT System Admin Issues Subject: RE: Worth some consideration... Wait... I'm NOT supposed to write my password on a sticky note? How am I supposed to let my coworker use my login, then? Joe Heaton ITB - Windows Server Support From: Andrew S. Baker [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, March 15, 2012 7:49 AM To: Heaton, Joseph@DFG; NT System Admin Issues Subject: Re: Worth some consideration... That's an implementation problem. If I choose a passphrase of "Mary had a little lamb" then of course that will be relatively weak as passphrases go. That that is not an inherent weakness of passphrases, but of people. Lots of things are undermined by poor choices. Completely random 20 character passwords with a unicode character set are undermined by having them posted on sticky notes. We didn't need a whole article to point that out. ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Thu, Mar 15, 2012 at 10:12 AM, Kurt Buff <[email protected]<mailto:[email protected]>> wrote: http://arstechnica.com/business/news/2012/03/passphrases-only-marginally-more-secure-than-passwords-because-of-poor-choices.ars By Dan Goodin Ars Technica March 14, 2012 Passwords that contain multiple words aren't as resistant as some researchers expected to certain types of cracking attacks, mainly because users frequently pick phrases that occur regularly in everyday speech, a recently published paper concludes. Security managers have long regarded passphrases as an easy-to-remember way to pack dozens of characters into the string that must be entered to access online accounts or to unlock private encryption keys. The more characters, the thinking goes, the harder it is for attackers to guess or otherwise crack the code, since there are orders of magnitude more possible combinations. But a pair of computer scientists from Cambridge University has found that a significant percentage of passphrases used in a real-world scenario were easy to guess. Using a dictionary containing 20,656 phrases of movie titles, sports team names, and other proper nouns, they were able to find about 8,000 passphrases chosen by users of Amazon's now-defunct PayPhrase system. That's an estimated 1.13 percent of the available accounts. The promise of passphrases' increased entropy, it seems, was undone by many users' tendency to pick phrases that are staples of the everyday lexicon. "Our results suggest that users aren't able to choose phrases made of completely random words, but are influenced by the probability of a phrase occurring in natural language," researchers Joseph Bonneau and Ekaterina Shutova wrote in the paper (PDF), which is titled "Linguistic properties of multi-word passphrases." "Examining the surprisingly weak distribution of phrases in natural language, we can conclude that even 4-word phrases probably provide less than 30 bits of security which is insufficient against offline attack," the paper says. [...] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
