Passwords are Not for Security

Picture a kindergarten classroom. Every kid has a space to hang up their coat, their bag, and maybe to store their lunch. While it’s technically possible that one kid may steal another kid’s lunch, more likely a kid will take home the wrong bag by accident. Organizing a bunch of on-the-run kindergartners is an exercise in identity management. Whose coat is this? Where did you last see your bag?

Contrast that with lockers at the local gym. While it’s also unlikely that anyone will steal anything, you get a lock and key. You carry the key. If you forget your stuff or if you lose the key, the staff can open the locker for you (or get rid of your stuff after you leave it there, forgotten, for several months). If you do lose your key, the staff will probably ask you to identify what’s in the locker before they open it. Some places won’t be so nice, and stand by a “use at your own risk” policy. Managing gym locker contents is an exercise in security. Who has access? Who needs help getting into a locker?

The two seem pretty similar, but they actually serve very different purposes, and understanding the differences can provide critical insight into how an IT department can help (or hinder) the people whom it serves.
