When it comes to password security, one of the things I teach my students is not to share it. Often I think that they believe that’s a principle that they don’t have to follow. I mean, what could be the harm in sharing your work password with a co-worker, especially if your PC has some important file that your co-worker needs access to? (well then, just e-mail it!) Or if you’re going to be going out of town for work or vacation?
Well, about a month ago, it was revealed that one NSA staffer found out about not following this principle the hard way. Apparently this person gave Edward Snowden his password, and Snowden used it to access sensitive files. At the time, it probably seemed harmless. But it was in direct violation of NSA standards. The person has since resigned from the NSA. The files that Snowden was able to access were quite sensitive, and may have caused our government incalculable damage. In terms of the saga of Snowden, his exposure of US secrets, and his escape to asylum and limbo in Russia, this is probably old news.
However, this small story in the larger one of Snowden illustrates the fact that no matter how advanced, or complex, or powerful our technology is in the defense of our information and cyberspace, there is absolutely no doubt that people are our weakest link. If people don’t follow policies and the procedures that implement those policies, an organization can lose its data, its reputation, and its trust with consumers and with the people that count on that organization to protect them.