Healthcare security: Write login details on whiteboard, hope for the best
Summary
A UK medical center displayed system usernames and passwords on a public whiteboard, highlighting a major security flaw despite guidelines. This underscores human error as a key vulnerability, with passkeys suggested as a more secure future alternative.
Medical Center Exposes Passwords on Public Whiteboard
A UK medical center has been displaying a whiteboard containing system usernames and passwords for public viewing. The security blunder was spotted by an anonymous reader who reported it to The Register.
The reader had warned staff about the risk months ago, but the whiteboard remained. "Clearly, they don't believe me," the reader said. The exposed credentials render access logs useless, as anyone could use the shared login.
A Stark Departure from Official Guidelines
The UK's National Health Service has official password security guidelines. These rules advise against using single words and common passwords, promoting random, complex phrases instead.
However, the guidelines notably lack a directive against writing credentials on a publicly visible whiteboard. This incident highlights the persistent human element that can undermine even basic security protocols.
The Push for Password Alternatives
In response to chronic password vulnerabilities, authorities are pushing for alternatives. The UK's National Cyber Security Centre advocates for passkeys, which are cryptographic credentials stored on a user's device.
The NCSC states passkeys solve core password security issues. Key advantages include:
- They are generated securely and cannot be guessed.
- They are resistant to phishing attacks.
- They are unique to each service, preventing credential reuse across breached sites.
As the NCSC notes, passkeys are also "unlikely to be found written on a whiteboard."
Human Error Remains the Weakest Link
This incident is a classic example of insider threat, albeit an unintentional one. It shows that administrative security measures are futile if users bypass them for convenience.
While passkeys represent a technical improvement, they do not fully eliminate human risk. The fundamental challenge of securing private credentials against simple human error remains a critical issue for organizations everywhere.
