UK medical center left system passwords on public whiteboard for months
Summary
A UK medical center displayed system usernames and passwords on a public whiteboard, highlighting a major security flaw despite guidelines. This underscores human error as a key vulnerability, with passkeys suggested as a more secure future alternative.
Medical Center Exposes Passwords on Public Whiteboard
A UK medical center has been displaying a whiteboard containing system usernames and passwords for public viewing. The security blunder was spotted by an anonymous reader who reported it to The Register.
The reader had warned staff about the risk months ago, but the whiteboard remained. "Clearly, they don't believe me," the reader said. The exposed credentials render access logs useless, as anyone could use the shared login.
A Stark Departure from Official Guidelines
The UK's National Health Service has official password security guidelines. These rules advise against using single words and common passwords, promoting random, complex phrases instead.
However, the guidelines notably lack a directive against writing credentials on a publicly visible whiteboard. This incident highlights the persistent human element that can undermine even basic security protocols.
The Push for Password Alternatives
In response to chronic password vulnerabilities, authorities are pushing for alternatives. The UK's National Cyber Security Centre advocates for passkeys, which are cryptographic credentials stored on a user's device.
The NCSC states passkeys solve core password security issues. Key advantages include:
- They are generated securely and cannot be guessed.
- They are resistant to phishing attacks.
- They are unique to each service, preventing credential reuse across breached sites.
As the NCSC notes, passkeys are also "unlikely to be found written on a whiteboard."
Human Error Remains the Weakest Link
This incident is a classic example of insider threat, albeit an unintentional one. It shows that administrative security measures are futile if users bypass them for convenience.
While passkeys represent a technical improvement, they do not fully eliminate human risk. The fundamental challenge of securing private credentials against simple human error remains a critical issue for organizations everywhere.
Related Articles
MuMu Player (NetEase) silently runs 17 reconnaissance commands every 30 minutes
MuMu Player Pro for macOS secretly collects extensive system data every 30 minutes, including network devices, all running processes, installed apps, and kernel parameters, linked to your Mac's serial number. This is not disclosed in its privacy policy.
CDC: 1 in 4 pregnant women now delay prenatal care
Fewer U.S. women are getting early prenatal care, with delays or no care increasing from 2021 to 2024. Possible causes include pandemic effects, reduced OB-GYN access, and maternity care deserts.
Stay in the loop
Get the best AI-curated news delivered to your inbox. No spam, unsubscribe anytime.
