Passwords just aren’t enough, especially when people do crazy things like this.
Yes, this is real. Someone actually wrote the password to their Remote Desktop Session on their keyboard. I’ve seen the password on a sticky note under the keyboard, in an unlocked desk drawer, even taped right on the monitor, but I’ve never seen a password written on a keyboard! I have to admit, it’s a very convenient place for the password; you don’t even have to lift up the keyboard to look at it. Despite this consideration, it is probably not a good idea to ever do this.
One of the biggest challenges facing IT Administrators and Business Executives is balancing the demand for convenience vs. the need for security. While technology is getting more convenient since the advent of the Cloud, it is more important than ever to maintain proper security of these systems. How can you possibly hold someone accountable for anything they do while using a corporate data system if the company uses a standard convention for usernames (such as firstname.lastname) and the user has written down their password for anyone to use? Even if a person hasn’t written it down, it’s too easy for people to simply share their passwords.
Microsoft recently acquired a great company called PhoneFactor (www.phonefactor.com). What PhoneFactor does is simply call you on your mobile phone when you log in. All you have to do is answer, hit the # key, and you’re done. Instant multi-factor authentication using a device everyone already has in their pocket.
At SiteVentures, we use PhoneFactor to secure the Microsoft Remote Desktop Servers running in Virtual Private Clouds on Amazon Web Services that we build for our clients. It’s inexpensive, reliable, and it protects our clients’ businesses and reputations.