For want of a password…

Lock out!

The other day a friend of mine received a phone call in the office: his wife had locked herself out of their daughter’s flat.  Her handbag with keys, money and phone was inside, as was her daughter’s key. A neighbour had offered the use of their phone but all the phone numbers she needed were held on her phone inside the flat.

How does this work in a business?

Password complexity rulesA similar scenario could play out with your access to important software. Modern software and most websites require a complex password.  Regardless of whether you are running a business or not, the number of passwords you need will soon exhaust your memory. Shortcuts, such a using the same password or by logging in via Facebook, can compromise your security if you are not careful, so we would not advise that solution. The result is that many people resort to storing their passwords – either in a password safe or a password protected file or even on paper.

The other shortcut which is used is the automatic login. I would suspect that very few people can remember the password for their email account: most client software and browsers will reconnect automatically. I suspect that email to phone would become far less popular if you had to enter your password every day.

So, the scenario is that you have lost access to your normal access device and need access to a site. You cannot remember the password so you have to retrieve it.  There are two possible options:

  • You open your password safe (or equivalent) and retrieve the password.
  • You follow the “forgotten password” option and get an email link to reset your password.

O365 Login ScreenThe first option relies on your password safe being available: i.e. not on the device you have lost. The second option will work: provided you can get access to your email – which is protected by another password… (see above).

You need to make sure that there is a way into this loop, preferably not too far down the line.

In my case, I keep all my passwords in a password safe shared between machines on Dropbox. I know the password to my safe : it gets typed in many times each day. If I lost my machine, the safe is still available as it is on Dropbox. The hole in the logic is that my machines sync automatically so I do not know my Dropbox password – it is stored in the password safe.

All’s well that ends well

Luckily for me, I spotted the flaw in the system before the worst happened. I have now made sure I can get access to my safe. My friend’s wife knew his office phone number so that story has a happy ending too.

The moral: make sure your business would not be compromised for want of a remembered password.