The last 50 years has seen the emergence of passwords (or pass-numbers) to protect access to everything from your front door to your computer. Cyberlore is has many examples of how poorly we apply this technology, and much of it's true. There are so many ways these security systems can fail, many of which are social and have nothing to do with technology. Stories of passwords left as default, written in convenient places and being based on common personal information are often true, and DO put the user at risk. Even when you use a random password, there are social ways to fail.
Earlier this week in a meeting, I was logging into Windows as one of our techs was watching me type and noted, "At least you don't use a simple password". He could tell that from my finger movements. It's part of what our techs do for our clients, and it reminded me of something that happened years ago as I waited at an airport gate for my next flight.
It had been a long day and I was tired of reading. I also happened to be facing the jet-way access door, but a little off to the side. It was getting close to boarding time and a flight attendant walked up to the door. Before she could enter she had to key in a pass-code on the five buttons of the door knob. OK, I admit it - I was bored. I couldn't help but notice the pattern of movement her fingers made just before she turned the knob and went through the door.
A few minutes later another attendant did the same thing, verifying the code for me, or at least the required finger movement. I laughed to myself at how easy it had been to visually crack this important security system, but didn't realize what was to happen next. I'm still laughing even today. Here's why:
A couple of minutes later the pilot arrived (or co-pilot - at least he had a scrambled-egg hat). Anyway, he keyed in his code. I immediately noticed it was different and wondered if there were multiple valid codes. But then the door didn't open. He tried again - no luck. I smiled to myself. After a third time he swore quietly. They had either changed the code, or he simply didn't remember it correctly.
You may have already figured out what happened next. Yep. I took pity on him, walked up, entered the code, letting him on the plane. After all, I wanted to go home without delay. The look on his face reflected the irony of the situation, but he didn't say anything. I just smiled and sat back down.
The point is, your security can fail in many ways. Keep an opened mind. Cover as many bases as you can, but don't expect any technology to be perfect. Just good enough.
Sierra Computer Group