Windows

  • OT: admin account in Vista

    6 answers - 65 bytes

    Windows Vista Security : Built-in Administrator Account Disabled:
  • No.1 | | 334 bytes | |

    "Write down your username and password and store it in a safe location."

    That's an interesting departure from the usual recommendations. ;-)

    On 9/6/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
    <sbradcpa (AT) pacbell (DOT) net> wrote:

    Windows Vista Security : Built-in Administrator Account Disabled:
  • No.2 | | 1172 bytes | |

    My favorite was the user I had who stored them all under "P" in his
    cardfile.

    Thanks,

    Brian Desmond

    brian (AT) briandesmond (DOT) com

    c - 312.731.3132

    From: ActiveDir-owner (AT) mail (DOT) activedir.org
    [mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] On Behalf Of Darren Mar-Elia
    Sent: Thursday, September 07, 2006 5:51 PM
    To: ActiveDir (AT) mail (DOT) activedir.org
    Subject: RE: [ActiveDir] OT: admin account in Vista

    safe location == post-it note on the side of CPU

    From: ActiveDir-owner (AT) mail (DOT) activedir.org
    [mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] On Behalf Of Al Mulnick
    Sent: Thursday, September 07, 2006 10:36 AM
    To: ActiveDir (AT) mail (DOT) activedir.org
    Subject: Re: [ActiveDir] OT: admin account in Vista

    "Write down your username and password and store it in a safe location."

    That's an interesting departure from the usual recommendations. ;-)

    On 9/6/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
    <sbradcpa (AT) pacbell (DOT) net> wrote:

    Windows Vista Security : Built-in Administrator Account Disabled:

    tasecurity_.aspx
  • No.3 | | 1423 bytes | |

    Is it a departure really?

    I'm always pretty sure that the advice has been to avoid writing down your
    username/password and storing it in an *insecure* location (i.e. taped to
    your monitor at work)

    On the other hand, if you write down the details and store it in a safe place
    (e.g. place it into a safe) then surely you are relying on the security of
    the physical device to protect you. That may be an acceptable risk. I'm
    pretty sure if you wrote down your admin password at home, and stored the
    piece of paper underneath your keyboard, you probably wouldn't have that much
    to worry about (unless you couldn't trust whoever else was living in the
    house/unit/apartment). Anyone breaking into your house has full physical
    access

    Cheers

    Ken

    From: ActiveDir-owner (AT) mail (DOT) activedir.org
    [mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] On Behalf Of Al Mulnick
    Sent: Friday, 8 September 2006 1:36 AM
    To: ActiveDir (AT) mail (DOT) activedir.org
    Subject: Re: [ActiveDir] OT: admin account in Vista

    "Write down your username and password and store it in a safe location."

    That's an interesting departure from the usual recommendations. ;-)

    On 9/6/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
    <sbradcpa (AT) pacbell (DOT) net> wrote:

    Windows Vista Security : Built-in Administrator Account Disabled:

    urity_.aspx
  • No.4 | | 5211 bytes | |

    Yes Ken, I believe it is a departure to write down the admin password for
    every single workstation out there. Those "defcon" envelopes mentioned
    earlier in thread are usually intended for critical systems vs. your user
    community desktops. In a company such as the one I'm at now that would be a
    huge burden to the way the organization (I use that term loosely of course)
    operates. This is not an uncommon organization structure from what I've
    seen. There are several workstation configuration groups that are all
    semi-autonomous and aligned with the LB's. They certainly can't share the
    passwords.

    For many years the best practices have been to create passwords that were
    difficult but able to be remembered so they would not have to be written
    down. Writing it down, the thinking goes, increases the risk that it would
    be seen by somebody else.

    I guess I could just buy a gimongous safe to put all of those envelopes in,
    but that seems a strange departure to me.

    My guess is that the call comes from Jessper J (confirmed here:

    ,39024655,39130618,00.htm )

    I strongly disagree with the assertion and reversal of thinking. I believe
    that what's really being said is that, "well, we give up. We can't find any
    other way outside of causing all computer users to also carry a wallet. No
    purses, money-carrying socks, or running shorts if they have no pockets when
    you use the computer. We don't know how to change the world so that we have
    less than 68 passwords."

    Maybe I just need more information about this change in concept and what's
    really being said vs. what's printed in that article and the others like it
    (Sun has similar statements out there - big surprise, right?)

    Of course, if he's right about the number of passwords not being reduced,
    then he's likely also right about the number of people that use the LCD
    password and spray it across all systems thereby dumbing down the password
    strength across the systems.

    I love the back and forth thinking that comes with this and look forward to
    the steady and long term thinking that allows folks to get a handle on this
    problem. I'm not sure I appreciate the way this is going however.
    my passwords on my desk? Hmm I would have thought we could do
    better. I know we should. I know we can. I know one-size fits all is not
    high on my list of appreciated approaches.

    I do agree, Ken, that it's all about acceptable risk and that not all risk
    is accepted equally. On that we agree 120%. For all the time that has been
    put into Vista to make it more security friendly, I hate to see them throw
    in the hat on this one though. I suspect that's a recommendation that may
    change in Vista sp1 time-frame similar to using empty root domains ;-)

    Al

    On 9/8/06, Craig Cerino <ccerino (AT) rez1 (DOT) com> wrote:

    Agreed
    --

    *From:* ActiveDir-owner (AT) mail (DOT) activedir.org
    [mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] *On Behalf Of* Ken Schaefer
    *Sent:* Friday, September 08, 2006 7:30 AM
    *To:* ActiveDir (AT) mail (DOT) activedir.org
    *Subject:* RE: [ActiveDir] OT: admin account in Vista

    Is it a departure really?

    I'm always pretty sure that the advice has been to avoid writing down your
    username/password and storing it in an **insecure** location (i.e. taped
    to your monitor at work)

    On the other hand, if you write down the details and store it in a safe
    place (e.g. place it into a safe) then surely you are relying on the
    security of the physical device to protect you. That may be an acceptable
    risk. I'm pretty sure if you wrote down your admin password at home, and
    stored the piece of paper underneath your keyboard, you probably wouldn't
    have that much to worry about (unless you couldn't trust whoever else was
    living in the house/unit/apartment). Anyone breaking into your house has
    full physical access

    Cheers

    Ken

    *From:* ActiveDir-owner (AT) mail (DOT) activedir.org
    [mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] *On Behalf Of* Al Mulnick
    *Sent:* Friday, 8 September 2006 1:36 AM
    *To:* ActiveDir (AT) mail (DOT) activedir.org
    *Subject:* Re: [ActiveDir] OT: admin account in Vista

    "Write down your username and password and store it in a safe location."

    That's an interesting departure from the usual recommendations. ;-)

    On 9/6/06, *Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]*
    <sbradcpa (AT) pacbell (DOT) net> wrote:

    Windows Vista Security : Built-in Administrator Account Disabled:


  • No.5 | | 3004 bytes | |

    Message
    : From: ActiveDir-owner (AT) mail (DOT) activedir.org
    : [mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] On Behalf Of Al Mulnick
    : Sent: Tuesday, 12 September 2006 12:47 AM
    : To: ActiveDir (AT) mail (DOT) activedir.org
    : Subject: Re: [ActiveDir] OT: admin account in Vista
    :
    : Yes Ken, I believe it is a departure to write down the admin password for
    : every single workstation out there.

    Certainly that is a departure.

    : For many years the best practices have been to create passwords that were
    : difficult but able to be remembered so they would not have to be written
    : down.
    : Writing it down, the thinking goes, increases the risk that it would be
    : seen by somebody else.

    Sure. But forcing people to memorize numerous passwords also has its own
    risks. So we have tradeoffs here.

    I think all that Jesper (et al) are saying is that blanket prohibitions on
    writing down passwords tend to ignore the real reason why those prohibitions
    came about in the first place. The password is the shared secret that enables
    you to authenticate yourself. The shared secret must not be compromised, and
    generally if you write down the password it can be compromised, because the
    written down password tends to be easily accessible (e.g. taped to the user's
    monitor).

    However *if* you are able to secure the written down password (e.g. by using
    your own password manager application, or a physical safe, or your wallet, or
    whatever), then the increased risk of compromise may be acceptable because it
    allows you to maintain a more diverse, complex, set of passwords for systems
    you need to connect to. If you can not secure the secret, then do not write
    it down.

    I don't think there's anything really radical in that argument. It's just
    that the caveat (security around the secret) has been lost, and the
    exhortation not to write down the password has remained.

    : I strongly disagree with the assertion and reversal of thinking.

    Fair enough. But the original blog post cited did say (emphasis added):

    we recommend the follow tips for *home* users

    As I mentioned before, for your home PC, if you write down the admin password
    and store it under your keyboard are you really risking much (assuming you
    live alone or can trust your housemates)? Anyone who has access to that piece
    of paper has probably already broken into your house. You probably
    have other worries which are much more pressing than having your computer's
    admin password compromised :-)

    At the risk of repeating what we already know - security is about risk
    management. We need to know what risks we're facing. Home users have more
    physical security they can rely on than the average corporate cubicle.
    Relying on that physical security may be an acceptable risk.

    Cheers
    Ken
  • No.6 | | 1052 bytes | |

    You make strong points Ken. I will say my concern is not around the home
    users nearly as much, but more because that distinction is completely lost
    in the message that Jessper puts out. You'll see that concern realized
    here: ,39024655,39130618,00.htm
    They're not talking about home users at all.

    The problem with being sensational in your declarations is that, well,
    you're sensational and people completely take off with the information. I
    don't see much work being done to correct that thinking, and as I mentioned
    I believe he's also throwing his hands in the air and saying, "well, we
    couldn't make things work any better. Passport (and similar) is a failure
    so let's go back to what works."

    I do wholeheartedly agree that risk is something that varies widely and
    should be a case by case basis. I get that. I'd like to see this done a bit
    differently I suppose.

    Al

    On 9/11/06, Ken Schaefer <Ken (AT) adopenstatic (DOT) com> wrote:
    --
