Shostack + Friends Blog Archive


Unclear On The Concept

[via DocBug]

6 comments on "Unclear On The Concept"

  • Kees Leune says:

    Excellent catch.
    Hello, World!n

  • Sven Svensson says:

    Looks pretty secure to me. Judging from the photo there is no way to enter 7, 9 or *

  • shrdlu says:

    Ah, an excellent year …

  • Dan Weber says:

    Believe it or not, there is an excellent reason for doing this.
    1. You want the people who currently have access to the room to keep on having it.
    2. You want them to quickly learn the brand new code and/or how to use the brand new keypad entry system.
    3. After everyone learns it, you can take the sign down.
    Surely it’s not as secure as having everyone enter their own 6-digit code and throwing an alarm on an incorrect entry. However, sometimes usability is more important than perfect security.
    MIT used to have signs at the start of every school year on the computer labs saying “37619*”.

  • Iang says:

    Thanks, Dan, for the eloquent explanation!
    This reminds me of the “Doh!” experience I had when someone outside the security business explained why he had turned off the password obscurity feature. His users were typing in their passwords and seeing them in the clear instead of *****.
    He explained that (a) we don’t live in university terminal labs any more, and (b) lost passwords are the #1 support problem. Ditto, it is now better to train users to write their passwords on a post-it note on their PC…
