Ride the Lightning

Snowden Just Asked NSA Colleagues for Passwords and Got Them

November 21, 2013

I read this story from Reuters while in Paris – but being in Paris dampened my enthusiasm for blogging! Now that I am home, it does seem a story worth covering. We hear – all the time – of data breaches caused by employees sharing their passwords with other employees.

You would think that the NSA would train employees fairly exhaustively on this topic. And that NSA employees would be particularly sensitized to the need to guard passwords. But apparently not so.

As Reuters reported, some 20-25 NSA colleagues may have given Edward Snowden their logins and passwords after he told them they were needed for him to do his job as a computer systems administrator. There's no older song than that one in the information security world, but some NSA employees bought it.

The sharing of passwords should be prohibited by policy and a part of every information security training – but as many readers know, the IRS has done this for years and people still give up their IDs and passwords. Instinctively, people want to be helpful. It's a tough facet of human nature to corral.

http://twitter.com/sharonnelsonesq