This is NOT an article about my mother. She just happens to be the person at the other end of this conversation, but it could have been any house guest.
My mother has been staying with me for the past few days. It is the first time she has stayed with me, and it has been a learning experience for both of us.
One of the things that she had to get used to was that my TV is not set up in any useable way to anyone but me. I know, it’s a pain in the ass, but I live alone, and under normal circumstances the only person (other than me) who would ever use the TV is my son… and he is just as happy to let me log in for him.
I promise, someday I will get around to making the system more useable, but it’s just not a priority.
So this morning I had one foot out the door when my mother asked me ‘Oh… if I want to watch TV, how do I do it?’ The simple answer is… You don’t. Okay, you have an iPad, you can watch Netflix.
‘But why can’t you just show me how to use your TV?’
Well there are a couple of reasons for that, but the one I opted to go with was that I would have had to give her my password, which was my primary password for everything on my network. I could have gone with ‘I don’t have the time,’ or ‘I’m sorry, but the media device is very finicky and you would be calling me all day to ask questions,’ or ‘I don’t want you surfing my porn collection.’ No, I went with the password.
‘Oh, really… like I would use your password for anything other than watching TV. Really, I don’t even know how to use your computer!’
There are a lot of arguments that people could make in favour of sharing passwords… and they are all wrong. There is in my mind no legitimate reason why two people should share their passwords with each other… not when information security is an issue.
What do I mean by ‘Information security?’ Let’s look into this. If I were to give someone my password, what could they possibly do on my computer?
1. My banking credentials and information may be cached.
2. I have letters and documents that are extremely confidential. Some are personal, some are business, none are anyone’s business other than the people I share them with.
3. On my desktop there is a link that connects my personal PC to my corporate VPN. While I do not have my credentials cached, the extra layer of security provides Defense-in-Depth, which is eliminated by sharing my password.
4. My e-mail… In other words, anyone with my password could very easily send an e-mail in my name… to anyone.
5. My blogs are set up so that anyone authenticating to my PC can post to any of them… and that is not acceptable.
6. Oh come on… do I really need to go further?
So if I trust someone 100% should I be willing to trust them with my password? Well, I don’t trust anyone 100%, but that is not the question. In this case, even if I trust her 100%, we have to assume that my boss (who has never met her) doesn’t… and since some of the information that my password is protecting is my company’s, the answer is no, I should not trust them with my password.
Do I believe my mother would use my password for any reason other than watching TV? Frankly I do not. Do I think she is capable of getting into anything that she shouldn’t? Well, she does know how to use e-mail, so that is a possibility, but I do not think that she would.
The problem is not what I think she would do. The problem is this: What happens if I get back to my computer tonight, and something is amiss. What happens if something is missing, or changed, or whatever? Well the reality is that chances are it is from something that I did, but my first reaction would not be that. So why take the chance? Why risk losing the ability to trust my mother because of something that may or may not have been her fault? Simple… don’t put yourself into the position.
I connected my mother’s iPad to my wireless network, and she should be able to do anything she needs on that device… if she had the wherewithal to hack into my systems via wifi then I would be a sitting duck, but she doesn’t… in fact not only does she not have the ability, she also does not have the desire or malicious intent.
On the first page of the book The Sum of All Fears there is a quote that I have always liked. I thought it was a Winston Churchill quote, but as I looked it up on the Internet it looks like it is attributed to Benjamin Franklin. It is:
Three can keep a secret, if two of them are dead
Is that true? Maybe yes and maybe no, but the only true way you can know for certain that nobody will share your secrets is by not sharing them with anyone else. Passwords are the same way.
I have been asked before if I have a password store in case I get hit by a truck. The answer is that I do not. Why not? There is nothing that I need people to access if I am dead. They can reformat my computer and all of my hard drives and use them to their hearts’ content… but the information is mine. I don’t need anyone logging into my Facebook or LinkedIn after I am gone, and with regard to my banking, well the executor of my estate will have the legal means to deal with the banks. Some information can die with me, and I am quite at peace with that knowledge. My blogs? Once I am dead the last post will have been posted, and they will remain there until WordPress decides to take them down. E-mail? Nobody needs to be notified of my death who cannot be notified by other means.
Passwords are private, and should remain so. The integrity of your data and systems and reputation relies on that. Sharing them with anyone is a bad idea, and if you disagree? Well don’t tell me I didn’t warn you!