Yellow Sticky of Doom Revisited

Talking with security experts about the Yellow Sticky of Doom shows that the situation isn’t entirely bleak. They agree that posting notes on a monitor – or the bottom of a keyboard – is bad.

However, they recognize that (somewhat secure) passwords are difficult to remember and will be written down. They point out that combining written passwords with physical security can actually be a reasonable approach.

If you write your password down and place it in a locked desk drawer you achieve a significant level of security. Getting the password out of sight is a good start – rifling through someones desk drawer is usually noticed. And if you lock your desk when you leave you are establishing a reasonable level of commercial security. And the good news about desk drawers is that they can’t be accessed through the Internet!

This approach assumes that you have a reasonable level of physical security for your business or home. If you don’t, password security may be the least of your concerns.

There are a variety of ways to increase physical security, such as control of keys, using secure filing cabinets, or using a safe. Something as simple as a Locking Bar for 4 Drawer File provides significantly enhanced physical security beyond that of common desk locks.

This is an area where you need to look at security from a higher level. Once you recognize that passwords by themselves provide poor security and that passwords will be written down you can develop a rational approach. Consider computers, networks, people, policies, and physical security together – develop a real security policy, rather than passing down edicts that don’t work.

You can’t abolish the Yellow Stick of Doom. But moving it into a locked desk drawer is probably good enough.

About Russell Doty

A technology strategist and product manager at Red Hat, working on the next generation of open source systems.
This entry was posted in Security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s