One chestnut from my history in lottery game development:

While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.

Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.

  • dual_sport_dork 🐧🗡️
    link
    1031 year ago

    Or it prompts people to just stick their “super secure password” with byzantine special character, numeral, and capital letter requirements to their monitor or under their keyboard, because they can’t be arsed to remember what nonsensical piece of shit they had to come up with this month just to make the damn machine happy and allow them to do their jobs.

    • @SpaceNoodle
      link
      44
      edit-2
      1 year ago

      I do this in protest of asinine password change rules.

      Nobody’s gonna see it since my monitor is at home, but it’s the principle of the thing.

      • @residentmarchant
        link
        English
        -151 year ago

        A truly dedicated enough attacker can and will look in your window! Or do fancier things like enable cameras on devices you put near your monitor

        Not saying it’s likely, but writing passwords down is super unsafe

        • @KrudlerOP
          link
          English
          551 year ago

          What you are describing is the equivalent of somebody breaking into your house so they can steal your house key.

          • @[email protected]
            link
            fedilink
            151 year ago

            No, they’re breaking into your house to steal your work key. The LastPass breach was accomplished by hitting an employee’s personal, out of date, Plex server and then using it to compromise their work from home computer. Targeting a highly privileged employees personal technology is absolutely something threat actors do.

            • @KrudlerOP
              link
              English
              141 year ago

              The point is if they’re going to get access to your PC it’s not going to be to turn on a webcam to see a sticky note on your monitor bezel. They’re gonna do other nefarious shit or keylog, etc.

              • @residentmarchant
                link
                English
                31 year ago

                Why keylog and pick up 10k random characters to sift through when the password they want is written down for them?

                • @Rooty
                  link
                  41 year ago

                  Again, how is the attacker going to see a piece of paper that is stuck to the side of the screen? This rule makes sense in high traffic areas, but in a private persons home? The attacker would also need to be a burglar.

                  • @KrudlerOP
                    link
                    English
                    21 year ago

                    It seems that some people are having trouble following the conversation and a basic stream of topical logic.

                    The initial premise was that somebody could see your passwords by pwning your machine… And using that to… Turn on webcam so they could steal your password so they could… pwn your machine?

                    Lol

                  • @KrudlerOP
                    link
                    English
                    11 year ago

                    deleted by creator

                  • @KrudlerOP
                    link
                    English
                    11 year ago

                    deleted by creator

        • @KrudlerOP
          link
          English
          11 year ago

          deleted by creator

    • @[email protected]
      link
      fedilink
      21 year ago

      Your coworkers put their password under the keyboard ? Mine just leave a post it on the side of the monitor.