I read a post this morning and it hit a raw nerve or two.
As followers of the blog will know, I use KeePass for all my work and personal passwords. I’ve come across a number of sites that prevent pasting passwords for “security reasons” and it drives me nuts. Fortunately, most of them can’t prevent the auto-type feature, so at least that’s something…
This attitude goes beyond websites though. The policy at my current employer is all passwords should be strong and unique, but you are not allowed to use a password manager. Why? Because if someone installs a key-logger on your PC and gets the credentials for the password manager, they will have access to all your passwords. WTF? I think this attitude is moronic. I am not capable of remembering hundreds of unique, strong passwords. Using patterns is predictable, so that is also a fail.
I have seen the way some of my colleagues (past and present) deal with passwords and it is farcical.
- One password to rule them all.
- Kept in a text/word document on the desktop.
- Kept in a text/word document on a network drive.
- Kept on a piece of paper in their desk drawer, which is never locked.
- Freely shared amongst colleagues, so they can “test something using my account”.
For someone to step in and say we can’t use a tool that generates random, strong, completely unpredictable passwords and stores them in an encrypted format makes my blood boil.