back to article Japan airport staff dash to replace passcodes after security cock-up

The dangers of writing passwords down on paper were laid bare in the Japanese airport of Haneda this week after a member of staff managed to lose a note containing key security codes ahead of US president Barack Obama’s arrival today. The unlucky Skymark Airlines employee dropped the memo – which contained a list of the codes …

COMMENTS

This topic is closed for new posts.
  1. Mark 85 Silver badge
    Facepalm

    And someone "dropped it"... <facepalm>

    1. DropBear
      Trollface

      "You idiot, that's not what 'dead drop' means!!!"

  2. John Tserkezis

    It's amazing how far some companies will go to enhance security, without spending a single dollar, (or yen in this case) on the weakest part of the security link. Their humans.

  3. WonkoTheSane
    FAIL

    Epic fail

    Notes containing passcodes are supposed to be stuck to the bottom of ones keyboard!

    1. 's water music

      Re: Epic fail

      Notes containing passcodes are supposed to be stuck to the bottom of ones keyboard!

      You have obviously never managed a helpdesk. Do you have any idea of the call volumes from people who have forgotten that their password cribsheet is underneath the keyboard after a bank holiday weekend? Best practice remains to stick the post-it to the monitor bezel. If security is critical, the post-it may be applied to a flat surface and obscured with a gonk.

      1. WonkoTheSane
        Happy

        Re: Epic fail

        "You have obviously never managed a helpdesk."

        And for that I shall be eternally grateful.

      2. Captain Scarlet Silver badge
        Mushroom

        Re: Epic fail

        and panic when the PFY replaces your machine by surprise whilst away from your desk.

      3. Stevie Silver badge

        Re: Epic fail

        Yes, the HUAGA* method has been deployed for over thirty years with no reported breaches, or at least, none that were important.

        * - Hidden Under A Gonk's Arse

  4. Matt 21

    Please tell me

    you're not going to copy the BBC.

    "Japan airport staff dash to replace passcodes after security cock-up", why not "Japanese airport staff dash to replace passcodes after security cock-up"?

    1. WonkoTheSane
      Headmaster

      Re: Please tell me

      > "Japan airport staff...", why not "Japanese airport staff..."?

      "Japan airport staff" implies staff at a Japanese airport.

      "Japanese airport staff" implies airport staff anywhere who are of Japanese origin.

      Better overall to say "Staff at Japanese airport..."

  5. James Micallef Silver badge

    With biometrics being too unereliable / easily spoofable / invitation to digital amputation (delete as appropriate), passwords / passcodes still offer the best combination of easy/cheap/secure for electronic access. Although 'cheap' doesn't seem so cheap after you quantify in any potential losses due to security breaches. You get what you pay for.

    In this case, since it's physical access, what's wrong with plain old keys?

    1. Anonymous Coward
      Anonymous Coward

      The sheer number of keys you would have to produce, distribute and control?

      Multiply this by the number of times you would have to re-issue them in the the event of a breach and the effort in changing all the physical locks.

    2. Goldmember

      "what's wrong with plain old keys?"

      This is Japan we're talking about. If it doesn't operate by pressing a touchscreen, a keypad or falling out of a vending machine (sometimes AFTER pressing a touchscreen or keypad), it's simply not done.

    3. Anonymous Coward
      Anonymous Coward

      "In this case, since it's physical access, what's wrong with plain old keys?"

      Volume. And if you drop it someone can pick it up and use it. With a combination you can't drop something you know. Unless you have a half dozen to remember and have to write them down...

      Seems the most appropriate solution is 2-factor security - a swipe/RFID card, which is your physical key and means person x can only access those areas they have authority for, in conjunction with a single individual PIN*, such that a dropped card on it's own is useless.

      If someone loses their card you only have to disable that card, not reissue cards to everyone else as you would with a physical key (and change the physical locks). Presumably all the staff have ID cards anyway, to prevent someone just telling a mate the codes so they can pop in for a gander at Obama...

      Of course someone could give their card to a 3rd party and divulge their PIN, but that's the same risk as them telling a 3rd party the codes or handing over a key/cutting unauthorised copies.

      Next step up from that is a security guard checking the photo on the card against the bearer and the reference photo in the database on a terminal, but that'd be overkill for all bar the most sensitive areas.

      *Or fingerprint/palm/Iris scanner if you want to go all Mission Impossible, but you could probably recover the fingerprint off a dropped card, so still a risk until the card is reported missing and privileges revoked.

  6. Kibble

    @AC

    There may be a huge number of keys in addition to keypads. Do you have insight there?

  7. phil dude
    Linux

    unit...

    Did anyone else have a flashback from a scene from The Unit....?

    "Password of the day is snowcone...."

    P.

    1. Stevie Silver badge

      Re: unit...

      I was flashing back to the Wizard of ID:

      Rodney, to guards: Tonight's password is "I Don't Know".

      Next day:

      King: Good grief! The courtyard is full of Huns. How did this happen?

      Rodney: "I don't know"

  8. Anonymous Coward
    Anonymous Coward

    sadly

    it takes the visit of one of the Ruling Elite before anyone does anything about security.

    Anytime before or after it's kids jumping fences and riding in wheelwells.

  9. Robert Carnegie Silver badge

    And

    Just when we hear that Sarah Palin has escaped from Azkaban...

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020