A Photo Accidentally Revealed a Password For Hawaii's Emergency Agency

An anonymous reader quotes a report from Quartz: In the aftermath of an erroneous missile warning that terrified Hawaiians on Saturday (Jan. 13), the state's emergency management agency has come under increased scrutiny, from the poor design of the software that enables alerts to a particularly slapdash security measure by one of its employees. Old photos from the Associated Press inside the agency's office appear to show an unspecified password on a yellow Post-It note, stuck to a computer monitor. The image, which shows operations manger Jeffrey Wong standing in front of the computer, was taken in July and appeared in articles published at the time about the agency's preparedness in the face of a nuclear threat. The agency verified that the password is indeed real but wouldn't go into specifics on what program the password was supposed to be used for.

Really bad security

[nospam007]

"yellow Post-It note, stuck to a computer monitor."

Everybody knows real security can only be had by posting it under the keyboard, where nobody can photograph it.
Duh!

Re: Really bad security

[Nidi62]

Write a fake password on the front of the post it attached to the monitor and the real password on the back of the note

Re:Really bad security

[The-Ixian]

Time to move it to the fake rock outside your cube...

Re: Really bad security

Not a good plan. You'll end up having to call the helpdesk to get your account unlocked because some idiot kept trying to login as you using the fake password.

Re: Really bad security

Not if the login written on it is to a dummy account.

Re:Really bad security

[AndyKron]

Or in my desk drawer under the monitor and keyboard.

Re:Really bad security

Yep, it's now warningpoint3

Re:Really bad security

[ShanghaiBill]

David Ige, the governor of Hawaii has said this has been a "learning experience" for everyone involved, that it will not turn into a witch hunt, and no one will lose their job. In other words, there will be no accountability or consequences, and the same serially incompetent bozos will remain in charge.

Re:Really bad security

[jader3rd]

no one will lose their job. In other words, there will be no accountability or consequences, and the same serially incompetent bozos will remain in charge.

There can be accountability besides firings. Being excluded from promotion decisions could be one of them.

Re:Really bad security

[ShanghaiBill]

There can be accountability besides firings.

Perhaps. But is a ballistic missile attack response team really the right career for someone that requires a lot of on-the-job training?

Being excluded from promotion decisions could be one of them.

Well, if they screw up the response to a real ballistic missile attack, then sure, delaying their promotion would be warranted.

Perhaps it is time to question whether we should even have state-level bureaucrats assigned to ballistic missile response. Shouldn't that be something handled at the Federal level? The is especially true for Hawaii, which has near Louisiana levels of corruption and incompetence.

Re:Really bad security

[tlhIngan]

David Ige, the governor of Hawaii has said this has been a "learning experience" for everyone involved, that it will not turn into a witch hunt, and no one will lose their job. In other words, there will be no accountability or consequences, and the same serially incompetent bozos will remain in charge.

You're falling into the "we must fire someone for accountability" trap.

That leads to basically incompetents running your ship - if everyone is deathly afraid of losing their job for making a mistake, you end up with a corporate culture of timidity, cover your ass and hiding mistakes.

The modern method is not to fire the person who pushed the button, but to find out the true reason. This is often' called "The Five Whys" because it literally asks Why over and over again.

Like in this case, given what we know.

Why was a missile alert called? Because someone clicked the link to send it.
Why did they click that link? Because they clicked the wrong link - they meant to click the one that produced a test message instead.
Why did they click the wrong link? Because the links were presented as an unsorted list, with the test links appearing on some events ahead of the real link, and sometimes afterwards.
Why did they click the wrong link? Because when you're looking at a huge list of unsorted links, you tend to focus on the one that matches what you're wanting even though it may not be exactly what you're looking at.
Why didn't the software confirm? The software did confirm - it merely asked if they wanted to send the message out.
Why didn't he click no? Because the software didn't tell him what link he clicked, just if he was sure. (E.g., you close an app with a dozen documents open, and all you get is "Save file?" instead of it actually telling you what file to save).

Well, there's something you need to fix - the UI sucks and it's really only an accidental mis-click away from saying the president is dead to missiles have been launched.

So the UI has two problems with it - a huge nasty list of unsorted messages that really should be put in order somehow. And perhaps a big ass button that selects test messages from actual messages. And a confirmation dialog that actually confirms what you are going to send. Perhaps if it was a real message, it would ask first "The message you are sending is not a test message. Click OK to continue and have your supervisor access his console to do same" as well as "Send the non-test message 'Missiles are incoming'?"

Firing someone over mistakes doesn't ensure mistakes don't happen (because the person who learned from it will no longer be present). It instills a culture of fear - that if they click the wrong link, they can get fired. So what would take a few minutes now takes 10 people and an hour because the person who is to send the message has to check multiple times they're clicking the right thing. And the underlying cause won't get fixed, leading to more errors in the future

And imagine if (heaven forbid) a real event happens. You have 5 minutes before missiles hits. Do you want 4 of them to be wasted because the person at the desk responsible for sending it to triple check that yes, that's really the intent because if oh my god if there aren't any missiles I'm going to get fired?

It's why no one was fired for Amazon AWS going down last year, or when GitHub suffered a massive meltdown - errors were made, but the root cause turned out to be an opportunity for human error to do bad things accidentally.

https://en.wikipedia.org/wiki/...

Far too often the question asked is "Who" as if firing that person to make a point will fix the problem. It is the dominant question if you want to assign blame and move on, and it is politically popular among the people who are looking for someone to hang. But it turns out doing so doesn't fix underlying structural issues, it just covers it up.

Re:Really bad security

[rtb61]

The real ballistic appropriate ballistic missiles response, bend over and kiss you arse goodbye, because fucker, you are going to kill you one way or another. No such things as one going off, one goes off, they all go off, no one can take any chance of being the one not to fire, so they all go, targeting everyone because even if you had none and fired none, those that fired and were fired upon, can not leave you to take over, that insanity goes with the territory of nuclear insanity. The insanity of believing you can survive, make no mistake you are dead if not immediately than within a short time there after.

Tsunami and hurricane warning sure, nuclear war warning, why fucking bother, seriously, who the fuck wants to die of old age in a hole in the ground, knowing that's all there is a whole in the ground you have already buried yourself it. Far smarter to immediately reach for that special joint you have been saving.

Re:Really bad security

[ihavnoid]

I second this. I work for a big company designing high-tech products. Never did I see anybody get fired because they made a fatal mistake which cost the company massive loss. I believe this is perfectly normal in this industry - we learn from the mistake, figure out how to prevent that in the future, and move on.

Actually, you might be grateful if you are fired. What usually happens after a royal screw-up is that the person usually will need to take some responsibility and will be the person who will do all the work to make it right. Not only to jump in and fix the problem, but also participate in all sorts of investigations, inquiries, report-writing, etc. I already feel pretty sorry about that operator since he will get interviews/meetings/questioning with all sorts of three-leter agency investigators who will be disappointed and would want to go through every single action that person took that day, having him/her go through all the horror that he experienced again and again.

That alone is already a deterrent painful enough to make people think twice before doing something risky.

Re: Really bad security

[Mal-2]

How do they flip it over without you noticing when it only has adhesive on one side?

Re: Really bad security

[Calydor]

Glue stick.

Re:Really bad security

[thegarbz]

There's also more to this. Humans are imperfect and make mistakes. Firing a human over a mistake doesn't mean you'll end up fixing the problem in a way that the mistake can't happen again. The replacement human is just as fallible.

To fix any mistake you need to first identify the systematic problems that allowed the mistake to escalate into an incident. Simply firing someone shows that you not only don't understand humans, but also that you refuse to improve your own systems.

Re:Really bad security

Dude, did you see the "GUI" they are using? You can tell what has happened just by looking at the result.
(Image of the GUI is a bit down in the article.)

The reason this bullshit happened is because the person leading the development didn't have the competence needed to judge the state of the system or he didn't get the funding needed to finish the project.

You can tell just by looking at it that someone programmed the backend and made it work, and to test the system he spent 5 minutes to make a web-page that sent a test-signal.
When the backend worked he demonstrated the system for his boss that didn't listen to all that technical mumbo jumbo and just saw a button click and a correct response and decided that the project was done.
No proper GUI was ever developed.
Over the time new links were added to the test-page just to be able to send other messages but they were just added to the list in no particular order.

This isn't an operator error. In a sharp situation where the operator is stressed there is a high probability that even a competent person would pick the wrong message.
This is purely a development error and since the backend apparently works very well and clearly no-one spent even a day on building a GUI it is clearly a project management or funding issue.

Re:Really bad security

[Heathren-bert]

The thing that I've wondered about is: how did the public respond to the warning? I mean, you can run the test drill to check out the equipment all day long, but when people know it's just a test they will probably kind of just ignore the warning, when you know it's just a drill people just to go through the motions of what is expected of them. If this had been a real incident, how was the public supposed to respond, and did they do that correctly? I think people are too focused on pointing fingers and trying to place blame, when they could use this as a learning experience to see how well the public responded had this been a real incident.

Re:Really bad security

[MiniMike]

Make them work for it- put it under the monitor!

Re: Really bad security

[wardrich86]

IT staff here: I don't mind - it keeps me employed!

Re:Really bad security

[cyberchondriac]

OTOH, clearly this facility is also run like a newbie help desk, keeping critical passwords on post-its stuck to a monitor and then allowing a photograph to be taken and released to the public on top of that. Sure the alert interface sucked, but that's obviously not the only problem here. You'd really think people in those positions there would have better training in security and a less casual attitude.

False alarm!!!

There was no password!!!

The weakest security

[Archangel+Michael]

The weakest security is always the human involved.

IMHO people posting, sharing or otherwise exposing passwords, should be written up, and eventually fired.

What is the point of a password that is out in the open like this? Are passwords that hard to remember?

I wanna run away screaming!

Re:The weakest security

[michiganbob]

What is the point of a password that is out in the open like this? Are passwords that hard to remember?

Actually, yes. When your password must contain upper and lower-case letters, at least one number, a special character, must be at least 12 characters long, must be changed every 3 months, and cannot be a variation of or contain any previous password. That's when you get yellow sticky notes on the monitor.

Re:The weakest security

[Cro+Magnon]

Particularly when you have 50 such passwords.

Re:The weakest security

[pz]

Are something (fingerprint).
Have something (RFID badge).
Know something (unique-to-user pass phrase).

You would think that all three would be required to send out an emergency alert message.

Re:The weakest security

Or hundreds....This is why I had to resort to using a password manager (keepass and vault), it was becoming to hard to remember everything. I found myself reusing password, simply because I knew any more would be hard to remember.

Re:The weakest security

[arth1]

Particularly when you have 50 such passwords.

And that's when people ask for bigger monitors, to hold all the stick-it notes.

Re:The weakest security

So much so that the latest NIST recommendations are that you Should NOT impose composition rules and you Should NOT require the password is changed frequently. It's better to train employees to come up with memorable secure passwords (which don't require hard to remember composition rules https://xkcd.com/936/) and use things like password managers and 2FA.

Re:The weakest security

[msauve]

Obligatory...

Squeal like a pig!

Re:The weakest security

[jetkust]

Sometimes a password isn't needed and doesn't add any real security but is required. You're very quick to fire someone without really knowing the situation or what the password even was for.

And yes, passwords are hard to remember when you have to remember a hundred of them. If they weren't, why do people use password managers?

Re:The weakest security

[AHuxley]

Re 'What is the point of a password that is out in the open like this?"
So that anyone on call can take over the job of alert/test that shift?

Re:The weakest security

[SirGarlon]

Are passwords that hard to remember?

Once you start requiring them to be 12 characters long, and contain at least one uppercase character, one lowercase character, one numeral, and one Egyptian hieroglyph they are.

By the way, those complexity rules have been officially withdrawn by NIST. In fact, TFA is an instance of the very problem that drove the rule change. Now all we have to do is spend 20 years undoing the damage of the old, stupid, complexity rules.

Re:The weakest security

[Archangel+Michael]

When your password must contain upper and lower-case letters, at least one number, a special character, must be at least 12 characters long, must be changed every 3 months

Making passwords hard to remember isn't security. It is building in faults because the experts are too lazy to figure out a better method.

Three significant length words should be sufficient. That way, you only have to remember 3 things, a couple symbols and one number. And is it sufficient for current password strengths

Gorilla!Bamboo(Mastodon)01

For the 01 means "January". "Change" your password every month on the first and you have 12 passwords without changing anything meaningful.

You can vary it up if you want,

Gorilla!Bamboo-Helpdesk = unique password for Helpdesk.
Gorilla!Bamboo-ChaseBank = Your banking PW

The thing about making Passwords hard to remember is that it significantly weakens the system, because stickynotes on screens.

Re:The weakest security

[bondsbw]

And who is to say that a sticky note is that bad? How many passwords are just saved in some plain text file or email?

At least physical access is required to obtain the password, which is probably securely restricted to people you know and trust. Sticky notes are pretty much hacker-proof.

It's even better if you lock your sticky notes in a drawer, to avoid accidents like in TFA.

Re:The weakest security

[kcwebmonkey]

can't they just use Ihatemyjob1!

Re:The weakest security

That works great until a bug is discovered in CPU that allows any process to dump your password database.

Re: The weakest security

[TuringTest]

The weakest security is always the human involved.

That's true. It's also the reason why password setups and protocols should be made as easy and enjoyable to use as humanly possible.

If you build a password system that's hard to use, hard to remember, and force the user top jump through hoops, you're putting a lot of strain over the weakest link in the system. I.e., you're making the system brittle and easy to hack.

Re:The weakest security

[msauve]

Unfortunately, common sense and authoritative recommendations often succumb to security theater. Like proverbial lemmings. Real quote: "we need to adhere to standards that our customers, the market and other auditory bodies follow."

Re:The weakest security

[Bender0x7D1]

So that anyone on call can take over the job of alert/test that shift?

Most likely.

Having a readily posted password isn't a problem - depending on how you balance your risk. For example, is it worse if people in the control room (or the world who doesn't have access to the control room) knows the password; or if WHILE RIDICULOUSLY STRESSED THAT AN ICBM IS HEADING FOR YOU (caps since it would be REALLY stressful) you can't remember the password to tell everyone about to seek shelter from a nuclear weapon that is already on its way?

Re: The weakest security

[HumanWiki]

Please, this is /.

Half of those characters aren't supported as input in such a field.

Re:The weakest security

[mcl630]

And if your system has any type of variation on "can not contain any previous password", it has to store your passwords in plaintext somewhere, which is another huge security issue.

No it doesn't... you can store previous password hashes and when the user attempts to change their password you compare the hash of the new password to the old hashes. No need to store plaintext at all.

Re:The weakest security

[Guybrush_T]

Reference ? I've been fighting against ridiculous password policies for years but I couldn't point to anything else than my opinion.

Re:The weakest security

[AHuxley]

+1 for the stress part too. That would be something that was given some thought. A pity the shift change test and alarm section was not given much thought.

Re:The weakest security

Come on, what are the odds of that happening?

Re:The weakest security

[DivineKnight]

That's why you choose a handful of passwords, of differing difficulty, and importance.

For instance, the password to your GMail account should include some number, letters, symbols, whitespace characters, Chinese / Japanese / Thai characters, musical / mathematical notation, and a statement that if read aloud in court would get someone in a heap in trouble (FBI, CIA, NSA, or someone else in trouble).

Conversely, the password to your Amazon account doesn't need the last three types.

Re:The weakest security

At NIST, we still have to change our passwords every three months along with a bunch of other asinine rules. Dogfood not eaten here.

Re:The weakest security

[Calydor]

Approximately 1 to 0.9995743548.

Re: The weakest security

[houghi]

3 months? Once had a place where it had to be done weekly. And obviously people have to have one for every website. Often with logins tha are different as well.

And no, a password manager can not be used everywhere.

Password policy is basically blameshifting to the enduser.

Re: The weakest security

[houghi]

Unfortunately it is basically blame shifting. And installing and maintaining a password manager is something that IT departments are not willing to do as it shifts the blame back to them and it causes extra work initially. Once calculated how much oassword resets coststed the company. If you do that, also calculate the time the other person is unable to work and add 5 minutes, because that is how long it takes from the moment they should have been able to log in to the time they contacted IT.

Re:The weakest security

[thegarbz]

So much so that the latest NIST recommendations are that you Should NOT impose composition rules and you Should NOT require the password is changed frequently.

Key word in there is highlighted. Given those NIST recommendations are less than 6 months old, we've got another 4 and a half years at the very least before you start to see them adopted widely.

Re:The weakest security

[thegarbz]

The reference is the lates NIST recommendation. https://pages.nist.gov/800-63-...

5.1.1.1 Memorized Secret Authenticators
Memorized secrets SHALL be at least 8 characters in length if chosen by the subscriber. Memorized secrets chosen randomly by the CSP or verifier SHALL be at least 6 characters in length and MAY be entirely numeric. If the CSP or verifier disallows a chosen memorized secret based on its appearance on a blacklist of compromised values, the subscriber SHALL be required to choose a different memorized secret. No other complexity requirements for memorized secrets SHOULD be imposed. A rationale for this is presented in Appendix A Strength of Memorized Secrets.

Re:The weakest security

[be951]

That's when you get yellow sticky notes on the monitor.

Certain people will probably always do that. But good password managers have been around for a while, and can easily accommodate such requirements. If anyone is unaware of those types of tools, that's probably a failing of their IT department for not having or properly communicating a standard for password management.

It certainly is not the password to...

... the mainframe, all programs and all desktops.

Re:It certainly is not the password to...

[Major_Disorder]

... the mainframe, all programs and all desktops.

Correct. That password is "guest"

warningpoint2 also sounds like the system name

[Joe_Dragon]

warningpoint2 also sounds like the system name as well.

Re:warningpoint2 also sounds like the system name

[AHuxley]

Really smart network designers put all kinds of stickers and words, terms all over their place of work so that anyone visiting can see the thinking around the design of the network.
Everything on display all connects back to a honeypot.

That's bad, but

[RightwingNutjob]

publishing photographs of the insides emergency management and civil defense facilities isn't such a hot idea either. Information wants to be free.

Re:That's bad, but

[thegarbz]

publishing photographs of the insides emergency management and civil defense facilities isn't such a hot idea either

Why? This isn't some super secret military facility. What you find in this room will likely be no different to any other emergency response room anywhere in the world. If anything the firestation we have at work looks more complex than this.

What have we learned?
They have multiple clocks.
They have cameras.
They monitor the weather.
They have more than 2 telephones like any emergency room.
They have swipe card access.
There's a password for an unknown system on the monitor.

We could have guessed what this picture looked like when you say "emergency response room".

Re:That's bad, but

[cascadingstylesheet]

publishing photographs of the insides emergency management and civil defense facilities isn't such a hot idea either. Information wants to be free.

No kidding. Reminds me of when the officially admitted submarine depth capability had to be doubled, due to something said on a #%&^% TV documentary!

"Oh, um ... I guess say "greater than 800 feet" now. Because we are idiots."

Joshua gets into the system that can fire nuclear

[Joe_Dragon]

Joshua gets into the system that can fire nuclear missiles

That leads us to a fundamental question

[geantvert]

Where can I buy Post-It with pre-printed passwords? That would save me so much time.

Re:A laptop in a manger sounds cool

[sheph]

They had to move his office because there was no room at the inn.

I had one of these

[imidan]

For no particular reason, at a previous job, I kept a brightly colored Postit stuck to my monitor with a random string written on it. It wasn't the password to anything. And now, for no particular reason, I've shared it with all of you.

Re:I had one of these

[q4Fry]

Cute. Mine says:
User: Administrator
Password: NiceTryShoulderSurfer

So its a desktop?

[AHuxley]

Not one of the red and green buttons with the word "test" and "alarm"?
Someone has to use the computer with a pw and select test or alert from a GUI?
A test is selected every shift? Is the alarm so easy to select in the GUI too? Any "Sure?" on the GUI to confirm alarm was selected and not the much used test?

Re:So its a desktop?

[vux984]

Apparently real and test were two adjacent entries in a drop down list; and then there was a confirmation box "Are you sure?"

Seems like an easy issue to fat-finger, especially if you get the same confirmation box with either selection.

Yesterday I had to make a dash for the printer to cancel a job because "Print" and "Edit" are adjacent in the right click context menu for the windows desktop.

(Really... does anyone really need one-click print without opening the document first, that they even need a right click print context menu item?? I've always wondered about why its there.)

how about fixing the Poor UI when you change the

[Joe_Dragon]

how about fixing the Poor UI when you change the password system as well.

https://www.theinquirer.net/in...

Outrageous!

[Mister+Liberty]

A password on a yellow post-it note!! Haven't they ever heard of green or pink or light-blue post-it notes or whatever?!

It's changed now, so don't bother trying it.

[kimgkimg]

The password's been changed to "Warmingpoint3" now, so don't bother trying the old one, it won't work.

Re:It's changed now, so don't bother trying it.

[SeaFox]

The password's been changed to "Warmingpoint3" now, so don't bother trying the old one, it won't work.

https://qzprod.files.wordpress...

You're trying to attach the "r" to an "n". I'm pretty sure the password is "warningpoint2". You know, because this is an emergency management facility.

Re:It's changed now, so don't bother trying it.

[misnohmer]

The feature request to change the hard-coded password has been filed - it's making its way through triage and prioritization. A meeting to decide what the new password should be has been scheduled. New layer of security is being implemented - non-transparent extra-sticky notes to always cover for the ones with the password have been ordered.

Oh my god!

[Picodon]

Oh my god Oh my god Oh my god!!! They managed to get a photo of the secret password that was written on the super-secret Post-It-Note that was secretly affixed on the front of the terminal of our hyper-ultra-secret nuclear-threat-preparedness system! We’re soooooo totally screwed now!

Re:Joshua gets into the system that can fire nucle

[desdinova+216]

strange game... the only way to win is to not play

Could be they are super smart

[SuperKendall]

That password is for the honeypot...

Brazzers account

[PPH]

n/t

one two three four five

[Thud457]

I just use correct battery horse staple for everything. That way I don't have to mess around with insecure post-its.

It would be funny if not so possibly tragic.

[Sqreater]

I learned in the Air Force in the seventies that security is impossible to expect from your average American. They just don't get it, no matter how hard you try to explain it to them. Americans are just not afraid of things they should be afraid of, and not suspicious of people and things they should be suspicious of. They don't feel endangered. And it is very hard to make them feel so.

Re:It would be funny if not so possibly tragic.

Maybe it is because average people, no matter where they live in the world, don't have enmity towards each other.

It is only the _leaders_ and the _militaries_ of the world that create threats, start wars and in general start the problems that lead to conflict.

Re:It would be funny if not so possibly tragic.

[cstacy]

Maybe it is because average people, no matter where they live in the world, don't have enmity towards each other.

It is only the _leaders_ and the _militaries_ of the world that create threats, start wars and in general start the problems that lead to conflict.

Yeah, normal humans don't have conflicts, just their (inherently evil) military leaders.
And yet for some unfathomable reason there are locks on almost all doors.

Often it's the companies fault

[PA23]

When companies force you to change your password every 60 or 90 days "just because" and require the new password to be substantially different than their previous password people start writing them down.

I never understood the thought behind forcing a password change because you've had your password for X days.

Re:Often it's the companies fault

[PA23]

Then why did NIST come out in their 2017 recommendations to no longer force arbitrary password changes when there is no evidence of a password compromise? Because 1) users start to write passwords down, 2) users use a password that is very similar

Its gotten to the point that I have so many different passwords with so many different requirements with different expiration dates that I have no choice to write them down someplace, piece of paper, file, whatever

Fired

[p51d007]

I know that a medical company IT staff I know, they go around (due to HIPAA reasons) making sure if people leave their desk they lock the screen on their workstation. He told me more than once, they found post it notes with a password. What they would do is go in and change the password, locking them out, then wait for them to call the help desk. Then they'd get ONE warning not to do it again, or be fired. NO ONE in a corporate world should be allowed to keep a password on a post it note.

Re:Fired

[Cro+Magnon]

I only need one post-it, for my login password. Everything else is in a text file named "Top Secret Passwords". What could go wrong?

Obligatory

[QuadEddie]

I bet it was the Wong password

Re:Full of shit

[Hadlock]

Yeah the UI is garbage but that doesn't excuse operator error.
 
Welp, I don't think I will be able to change your mind, but there are at least two schools of thought here, yours:
 
1. If something bad happens, whip everyone involved until they cannot stand any longer, then fire them, ensuring this never happens again,
 
Or,
 
2. Ask why this happened, don't assign blame, then work through the problem to find the root cause, then fix that problem so that it never happens again.
 
NASA determined that humans fail at pretty much everything about 3% of the time on the ISS and have built in all sorts of checks and balances to account for this. If the ISS blows up, everyone shares the blame, and responsibility for keeping that from happen again. If you assume from the get-go that humans are capable of being 100% infallable 24/7/365, even when they're sleep deprived from a) having a baby b) insomnia from a divorce c) hung over from a bachelors party etc etc then yes your system sounds great as there's no chance anything can ever go wrong and it's just their fault for being a bad person and they should feel bad.
 
Option 1 is both overly optimistic going in, and highly negative on the resolution side - nobody worth anything will stick around for long; option 2 assumes the worst going in and looks for a positive solution coming out. People tend not to quit out of frustration quite so often in scenario 2.

Misdirection

[craXORjack]

I don't know if it's true or not but I heard a story that the only time Harry Houdini couldn't pick a lock to escape from a jail cell was when the deputy didn't actually lock the lock. That story inspired me a long time ago to hang yellow sticky notes on my monitor with what appear to be passwords written on them. Everything from "secret123" to "p455w0rd". I crack me up.

Re:Full of shit

[Calydor]

You're the editor of that newsletter, "How To Be Perfect And Never Make Mistakes", aren't you? May I please subscribe to it?

The guy who did the error learned his lesson

[aepervius]

See , removing people making a single error from chain of command or skilled work, means your hierarchy and your worker NEVER learn from their error. The one replacing them will have heard of the error, maybe laugh at it, but most of the time they did not LEARN of it, The one which got burned by it, on the other hand, will remember a long time. Experience is also learning from error. By cutting out people which did error, you are not enhancing your process, hierarchy and worker, on the contrary.

Re:The guy who did the error learned his lesson

[gwjgwj]

Harrisberger's Fourth Law of the Lab: Experience is directly proportional to the amount of equipment ruined.

ob. 12345

[cstacy]

This is why I keep my passwords in my "password suitcase", where it is encrypted until unlocked for use. (This way I only have to remember a single master password. It's the same numeric 5-digit code as on my other luggage...)

Need MFA

[cstacy]

Something you don't have anymore, something you forgot, and something you ate.

Or something like that.

Post-It notes...

[Keith_Beef]

I worked in a place with a security policy that included having somebody from IT walk through the offices looking for this kind of thing (e.g. Post-It notes under keyboards, on cube partitions, etc).

This, in a place that had been a division of another company until a week before my arrival there: so all the legacy systems of the previous corporation plus all the systems of the new corporation, many of them providing the same services.

And password policies like "you must change your password every six months, a password must contain at least one upper case letter, one lower case letter, one digit and one special character" of course, without telling us which special characters were allowed and which were not allowed. Oh, and you couldn't use a password that you had used in the previous 18 months.

So of course, remembering all these passwords was difficult. Some people resorted to Post-It notes, some to noting the passwords in a cellphone or a notebook. A notebook in a locked drawer, of course.

But if a Post-It note with a service name, login name and password was found during the security walk-through, it would be tried out... So guess what happened. People would write down spurious combinations of login name and password. Or write down a service name that didn't exist. The walk-through sometimes took a long time... so trying out the passwords was abandoned; the Post-It notes were simply confiscated and the person whose cube it was would get a new training requirement to follow, yet again, the IT Security Policy training course.

Fast reaction

[DrYak]

You would think that all three would be required to send out an emergency alert message.

Then in case of an actual emergency (say, when category 9 hurricane 'Zorro' hits Hawai in a couple of months), you'd be complaining that the alert wasn't sent because it relied on a complex validation procedure that required perfectly coordinated simultaneous action by 5 person, one of which was sick on that day, and the other lost his keyfob 12 months ago when his dog ate it.

That's the complex problem with emergency procedures, they need both at the same time be quick enough to execute in case of actual emergency, but have enough confirmation step to not be triggered by incident.

Re:Full of shit

[coofercat]

I take it you've never pulled a 'push' door, have you?

Why not change the PW?

[wardrich86]

The agency verified that the password is indeed real but wouldn’t go into specifics on what program the password was supposed to be used for.

What a fucking stupid response. If somebody finds a key for something that I own, my first response would be to change the lock... I certainly hope they have changed the password.

Re:Full of shit

[ArchieBunker]

Oh yeah that's totally the same as an emergency alert for an incoming missile attack.