Password Really is the Key to the City

I haven’t posted in a couple of weeks. But this little incident was enough to jump in the saddle real quick. I am working on a couple of other posts which will appear soon.

The ongoing incident in San Francisco is an excellent example of why "checks and balances" should be employed. There should never be a situation where one person holds the only set of keys to the data. Never. What should happen then?

Well, every company is going to have one or two "trusted" people. I may be going out on a limb here. At least the owner or executive in charge should fit that category. At any rate, the "trusted" person should set an enterprise-level password. Then they should write down the password, seal it in an envelope and stash it in a safe deposit box. Wait, you’re not done. The enterprise-level account should then be used to create sub-accounts for those entrusted to do system admin work. That way, if one of them does something they shouldn’t, like locking out everyone’s access, the enterprise-level admin can still get in.

Of course, there is no real 100% solution to ensuring this type of event doesn’t happen. Heck, the executive in charge could decide they’ve had enough and lock down the systems. Somewhere along the line a human being has to be trusted to do the right thing.

Maybe then, they could have the real keys to the city.


Jeff Evenson

Jeff is Chief Blogger for Security Friction, writing about the security issues that always seem to have some rough edges when being considered for implementation or integration. Jeff retired from the US Navy as a Chief Cryptologist and has worked in the wireless telecommunications and financial sectors. Jeff has spoken at the local college and various community groups.
