In article <mailman.7619.1393815421.18130.python-l...@python.org>, Chris Angelico <ros...@gmail.com> wrote:
> The greatest threats these days are from the network, not from someone
> physically walking into an office. (That said, though, the low-hanging
> fruit from walking into an office can be *extremely* tempting. Pulling
> off a basic password leech off sticky notes is often so easy that it
> can be done as a visitor, or at least as a pizza deliveryman.)

Doesn't even require physical presence. With the ubiquity of various video chat applications, as long as the sticky note is in the field of view of the camera, you've leaked the password. With the right lighting, I wouldn't be surprised if you could pick up the reflection of a sticky note in somebody's eyeglasses.

So, here's my own (embarrassing) story of password leaking. Back when smartphones were new, I had one of the early Palm Treos. I decided a good place to store my passwords was as fields on my own card. What I didn't realize was that if I beamed[*] my card to somebody, I was also giving them all my passwords, mostly because it had never occurred to me that I might want to beam my card to somebody. Until somebody else in my office got another smart phone that had beaming capabilities and we decided to see how it worked. It occurred to me as soon as we completed the first experiment.

I used to work at <big company> which had a typical big company IT department which enforced all sorts of annoying pseudo-security rules. As far as I could figure out, however, all you needed to get them to reset anybody's password and tell you the new one was to know their employee ID number (visible on the front of their ID badge), and to make the call from their desk phone.

[*] Beaming: a prehistoric technology which allows exchange of data over an infrared light beam.