One of my co-workers was recently chided for emailing a password to access an internal server recently. “Don’t email passwords! Email isn’t secure!” I don’t know if those were the exact words, but you get the point. Don’t send around secure data by insecure means, right?
Later, this same co-worker of mine was handed a sticky note with a server name, userid, and password with which to access a different internal server. This note was from the same group who has been preaching on not sending secure data by insecure means like email.
Let that sink in for a second.
I just have a simple question… what makes a sticky note stuck on a monitor any more secure than sending an email? Just curious…