Accessibly Insecure

On a desk, the book "The Personal internet address & password logbook"  by Peter Pauper Press lays on a desk surrounded by a coffee mug, a Rubiks cube, and a figurine

The Personal Internet Address & Password Logbook is, as its title states – a logbook for passwords and internet addresses. The final few pages logbook also allows you to record home network configurations, software license numbers, other notes. Years ago, I displayed the book on my desk at work. Working at an identity and access management company whose mission was to make individual passwords obsolete, the logbook was a soon-to-be ancient artifact for my coworkers and me to joke about. After leaving that company, it found a place on my bookcase at home and was quickly forgotten about.

Fast forward a few years. I spend a good deal of my time thinking about and researching different aspects of accessibility or, more commonly, the inaccessibility of technology. One area of particular interest to me is informational security (infosec).  I follow many professionals in the field and the topic on Twitter. Like most communities on Twitter, Infosec has a few recurring memes that are surefire ways to go viral. One happens to be the password logbook that is currently on my bookshelf.

Every few months, I see a tweet that becomes popular for a day or so where someone takes a picture with the logbook with text like, “WTF is this? Hope you like having your password stolen!” 

A standard piece of advice you see in the media on cybersecurity is never to write down your passwords; writing a password down causes you to be at risk and vulnerable to being hacked. How often has footage popped up of someone appearing on camera with a post-note on a computer behind them with a password prominently displayed for millions to see? Never writing down a password seems like solid advice. The alternative to paper and pen championed to keep track of many passwords is password managers. As a daily user of one for both work and personal accounts, passwords managers are great, but one question I do have to ask is, “who memorizes the password manager password”?

According to the CDC in the United States, “10.8 percent (6 million) of people with a disability have a cognition disability with serious difficulty concentrating, remembering or making decisions”. Also, as humans grow older, there are some changes in memory abilities for cognitive tasks. 

Memorizing one or two passwords to use a password manager seems easy, but remembering complex passwords asked for to secure accounts is extremely difficult or impossible for many individuals. Also, password managers come with a host of usability and accessibility issues which cause their own categories of risks. Denying the recourse of recording information on paper that doctors often suggest as a way to deal with memory issues causes them to be at greater risk. People will make passwords that are easy to guess, reuse the same one they can remember for many accounts, or never set a password if it’s not required. 

When working in the absolute that all passwords written on paper are insecure, then information security of a significant population on the web becomes inaccessible. It’s more effective to address how to store and safeguard passwords given how they are recorded because the fact is that a password written in The Personal Internet Address & Password Logbook stored in a desk drawer is far more secure than someone memorizing MrSuggles12102015.

As information security becomes more of a priority and concern for individuals, accessibility of solutions and applications must be at the forefront so that everyone can protect their information and data from risk.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s