Posted
21 October 2004 @ 8 PM

Tagged
security

3 Comments

Sanctity of Passwords

Interacting with PSU clients is always a learning experience. And it always happens that the middle aged gentleman whom you are conversing with, comes up with a real world example. And that simply blows your mind. I was talking to a risk management manager at a PSU bank. Risk management has broadly 3 components - credit risks, market risks & operational risks. We had a long discussion on operational risks, running into 2 hours. Somewhere in between, the conversation veered towards risks at the bank branch level. And he came up with a wonderful anology for sanctity of passwords. He said - there is a certain sanctity to the relationship between a married couple. Everyone in the world knows what has happened before a child is born to them. But it is implicit. No one talks about all those things, do they? Same way, when passwords are not shared by someone you know very well, you should not think that the person is not trusting you. You should understand the sanctity that a password should command. It is implicit that a password is a secret!

3 Comments (closed)

Posted by
Tushar Burman

21 October 2004 @ 11 PM

Interesting analogy, though slightly creepy coming from an elderly PSU official (I know them to be fairly creepy sometimes) I don't quite get the issue, though. Since when is the issue of trust among peers and passwords on the table in security discussions? Unless the peers in question are a couple themselves, I don't see this as a problem. I don't think my co-worker is going to take it personally if I don't give her my password.

Posted by
Nilesh

23 October 2004 @ 1 PM

Since when is the issue of trust among peers and passwords on the table in security discussions?
We have worked all our lives in private firms and that's why we don't think about the importance of this issue. PSU banks on the other hand do not have tech savvy culture. Passwords are never looked upon the way we look at them. Most of the computer frauds in banks are because of open passwords. If your boss asks for your password, you have to give it, irrespective of the criticality of the password. And it is these bosses who have taken advantage of this.

Posted by
Amol Hatwar

31 October 2004 @ 6 AM

I think the sanctity aspect comes when you "share" the password, and the person you share it with understands the responsibility. I've even shared root passwords when neccessary. Even RMS is known to share passwords :-). I think security shouldn't divide people, and most importantly, shouldn't come in between when getting the job done