Proposal Security: Passwords and AdminSnowden is back in the news today with the report that several dozen NSA employees gave him their login and passwords, with which he accessed files and stole them for later release.
http://www.theatlanticwire.com/national/2013/11/snowden-convinced-colleagues-give-him-their-passwords/71388/Proposal teams are targets for industrial espionage. Always have been. But today, shredding draft copies and working in a sealed off area are passé. The login and password provide access to anyone from almost anywhere. Anyone helping you DOES NOT require your login and password. Not your sys admin, nor another teammate. And certainly you don’t have this written down someplace like ‘um, lemme guess; your wallet, a post-it (on your monitor is common, but proposal folks know better) hidden in your drawer or under the desktop, etc. Pay attention out there! Today I got an excellent phishing message that expertly copied PayPal language, and had a link to a page indistinguishable from a PayPal page. There was just one problem, but most users won’t notice it and might type in their login and password. Yikes!
Trackback from your site.