Sophos Cloud Optix
The dangers associated with writing passwords down were expertly demonstrated by a Japanese airport worker over the weekend as the country prepared for the first visit by a US president in almost 20 years.
Rubbish bins and luggage lockers have been sealed and over 16,000 police officers have been mobilised in the capital city of Tokyo ahead of President Barack Obama’s visit Wednesday night – but it may be the loss of several passcodes that has caused the biggest security headache so far.
Speaking on Tuesday, a transport ministry official said that an employee of Skymark Airlines at Tokyo’s Haneda International Airport mislaid a printout containing key passcodes on Sunday.
The document was found just thirty minutes later on the floor of the departure lobby but the Japanese government were not prepared to take any chances.
Whilst there is no word on which areas of the airport would have been accessible with the lost codes, the ministry instructed the company that manages Haneda International to change them immediately in order to avoid even the slightest chance of a security breach.
The security faux pas comes at an awkward time for the airport, as it is just one month since the Metropolitan Police Department created a dedicated counter-terrorism unit tasked with securing the facility after the number of international flights was increased by almost fifty percent.
The same airport is also set to become a key destination when the Olympic games are hosted in the city in 2020.
It also comes at a time when airport security in general is under the spotlight following the news that a 16-year-old boy had survived a five-hour flight in an aircraft’s wheel well. The lad had jumped a fence at San Jose airport and was able to gain access to the plane’s undercarriage without alerting security.
But the Tokyo airport isn’t alone in having a problem with remembering security codes or passwords without the need to write them down – other organisations have had a good go at embarrassing themselves recently too.
Two years ago a televised ESPN interview took place in front of a wall which proudly displayed two passwords, and in February a CBS Super Bowl report clearly displayed the TV station’s WiFi username and password in the background.
You may also remember the Polish television broadcast that featured a woman being interviewed in front of a whiteboard that displayed the company’s login credentials and Prince William’s RAF photos that showed off an incredibly lame password choice.
So how can you choose a password that is both strong and easy enough to remember without having to write it down?
This video from Sophos gives some great practical advice on doing just that.
As said in the video, it would be foolish to then reuse that same password across the entire web because, should it be compromised in any way, the bad guys will then have access to ALL of your accounts.
Therefore, it would be wise to also use a password manager, such as KeePass or LastPass, which will allow you to store many complex passwords whilst only needing to remember one – and, whatever you do, don’t write it down!
Image of Tokyo Airport and password courtesy of Shutterstock.
I recommend also trying a password manager I use – Sticky Password
Don’t write passcodes down? Really? Hackers trying to break into my computer all the time, searching and testing everywhere on the web…
Password services have employees with possible malicious intentions and would keep MY passwords for me; I should just trust them? Really?
I’ve lost one thumb drive and stepped on another, so that’s a risky storage option.
Keep the list in my brain – I have over 50 accounts, each with it’s own unique passcode. That won’t work for me.
Paper is still the safest option, even in this age of technology.
And you freaked me out by knowing my email, even though I have never visited this site before.
At my local hospital the ward drug room is secured by a numberpad lock.
A new nurse called out to a colleague (during visiting hours) “what’s the code?”
Answer called out across the ward: “1, 2, 3”!
You have to wonder at how good the security set-up is at Haneda if a single employee at a single airline has access to multiple areas that require different passwords. Unless the employee had a special role, it doesn’t make much sense.
It’s not clear to me how a password manager would have helped manage this situation. This was a physical breach, from the sounds of it.
The perfect password system doesn’t seem to have been developed yet. There are trade-offs whatever approach is used. The downside to a password manager is even the most complex password can be hacked and the use of a password manager suggests to the hacker that they will gain access to a lot of valuable information if they are successful in their efforts to break the “master” code.
I note that there is a difference between “handwritten” pass codes and a “printout” of pass codes. Hopefully you keep the facts straight going forward.
I have corrected the headline.