How many users over the years...
Have written their password down and post-it note'd to the monitor - seems this trend is set to continue for ever, and advances with technology.
The Wi-Fi SSID and password for the football World Cup's security centre were exposed – after a photograph of host nation Brazil's federal police brass inadvertently captured the creds written on a white board. The snap appeared in newspaper Correio Braziliense, and showed the head of international cooperation Luiz Cravo Dorea …
One of my brothers, who recently passed away, went one step better than Post-it Notes on ALL of his computers...he took the time and trouble to use a label maker to neatly create labels with every username and password he used online...and then affixed them to his computers.
When my other brother, a Sys Admin like myself, found this and showed me what he had done, we both were speechless.
Sounds like a good idea.
You are trying to protect your online banking from a hacker on the other side of the world, not a family member looking over your shoulder. So a long complex password written down is better than a short memorable password that you never change.
> a long complex password written down is better...
Except that if you read your online banking terms and conditions you'll find that writing down your password in this way is forbidden, and you'll be liable for fraudulent losses should they occur.
I protect my passwords from family and friends, and expect them to protect theirs from me; there seems to be this weird idea floating around that F&F ought to be trusted, which IMHO undermines the correct mindset with respect to front-line security.
Because, management, of a certain type. On the premises of a former employer who shall remain nameless, I once punched in the server room PIN, opened the door, and found myself face to face with the 'Health & Safety' Manager (who was inexplicably in possession of the PIN) along with two bods from an insurance company. He proceeded to complain that cables at the back of the rack were unsafe, and that one of the insurance bods had nearly tripped over them (more on this later...).
He appeared somewhat perplexed when I pointed out to him that entering the server room without authorisation or accompaniment by IT staff constituted gross misconduct. Not as perplexed as me when a) I discovered that the Insurance bloke had actually 'tripped over' several cables and in one fell swoop taken out a card payment system and b) we proceeded to take the blame for the downtime.
Unsurprisingly no action was taken against the 'H&S' Manager, or the person who gave him the PIN code for a restricted area. For a certain species of manager, policies are for the peasants, statutes for serfs; that picture is likely the result when such a person heads up a security operation.
I'd say given the nature of the World Cup, and the media attention surrounding it, the real question is:
What idiot in a security firm(!) thought it would be a good idea to make a billboard out of secured wi-fi credentials?
If you don't know there are going to be cameras absolutely everywhere at an international sporting event, you have no business trying to secure the event.