
Nilesh's Weblog


Sanctity of Passwords

October 21, 2004 08:04 PM


Interacting with PSU clients is always a learning experience. And it always happens that the middle-aged gentleman whom you are conversing with comes up with a real-world example. And that simply blows your mind. I was talking to a risk management manager at a PSU bank. Risk management has broadly 3 components - credit risks, market risks & operational risks. We had a long discussion on operational risks, running into 2 hours. Somewhere in between, the conversation veered towards risks at the bank branch level. And he came up with a wonderful analogy for sanctity of passwords. He said - there is a certain sanctity to the relationship between a married couple. Everyone in the world knows what has happened before a child is born to them. But it is implicit. No one talks about all those things, do they? In the same way, when passwords are not shared by someone you know very well, you should not think that the person is not trusting you. You should understand the sanctity that a password should command. It is implicit that a password is a secret!



Comments

3 comments have been added.

1. Tushar Burman said...

Interesting analogy, though slightly creepy coming from an elderly PSU official (I know them to be fairly creepy sometimes)

I don't quite get the issue, though. Since when is the issue of trust among peers and passwords on the table in security discussions? Unless the peers in question are a couple themselves, I don't see this as a problem. I don't think my co-worker is going to take it personally if I don't give her my password.

on Oct 21, 11:46 PM


2. Nilesh said...
"Since when is the issue of trust among peers and passwords on the table in security discussions?"

We have worked all our lives in private firms and that's why we don't think about the importance of this issue. PSU banks, on the other hand, do not have a tech-savvy culture. Passwords are never looked upon the way we look at them. Most of the computer frauds in banks are because of open passwords. If your boss asks for your password, you have to give it, irrespective of the criticality of the password. And it is these bosses who have taken advantage of this.

on Oct 23, 01:59 PM


3. Amol Hatwar said...

I think the sanctity aspect comes when you "share" the password, and the person you share it with understands the responsibility.

I've even shared root passwords when necessary. Even RMS is known to share passwords :-).

I think security shouldn't divide people, and most importantly, shouldn't come in between when getting the job done.

on Oct 31, 06:56 AM









© 2000-2003. Nilesh Chaudhari (mail AT nilesh.org)