David Pogue, Are You Kidding Me?
June 14th, 2009 @ 8:18 pm

Shortly after my lunch I saw the following tweet from David Pogue, technology columnist for The New York Times.

Given Pogue’s large following, I was disappointed by the advice he gave.
A secure password on a laptop isn’t there to keep semi-trusted people off of it. It’s there to keep the laptop protected in the event that the hard drive is lost. Arguably, the drive could be removed and read without booting it, which bypasses all password protection, but a good password combined with disk encryption can help protect data from theft.
Pogue argues that he doesn’t need a password for security, but any information that is stored on file servers or, worse, in his keychain is accessible with that simple password he is using. Failing to have a secure password places at risk not only his data, but also the data of those he might know or work with.
Even if gaining physical access (e.g. finding the computer or stealing it) would grant a person a huge advantage, this is not an excuse to make the password so incredibly simple. And for one of the most well-known technology columnists to suggest otherwise to his 444,666 followers is negligent, bordering on criminal.
The original work of Brandon Savage.
Accuracy: To access a machine via internet, it must be protected by password. Therefore, not having a password is a light security over against piracy.
While I wish I could say you’re right, I think that you’re naive if you see having no password as any security.
There’s a belief that Windows machines (and perhaps others) are safer online without passwords; this is categorically untrue. This viewpoint ignores hundreds of attacks against open ports and running services, not to mention it fails to address the biggest security flaw laptops have: their portability.
A laptop password doesn’t exist to protect the laptop online, though that helps. It exists to protect the laptop from being accessed if physically stolen. Combined with good disk encryption, unlocked by the password, the user can be reasonably confident about the laptop’s security.
Amazing.
Even when I use my laptop for music when we have people over, I log into a separate locked-down guest account. It’s not that I don’t trust my friends and family – though maybe I shouldn’t ;) – it’s that I have sensitive information for a variety of customers, people, and organizations in my possession.
Not using a password would be a flagrant disregard of the NDAs I have in place… and may be actionable if something leaked.