27
Saw a SOC analyst leave sticky notes with passwords on his monitor during a coffee run
I was at a cybersecurity meetup last week in Austin and one of the guys from a local MSP invited me to check out their operations center. Right there on the floor, I noticed an analyst had a bunch of yellow sticky notes stuck to the side of his monitor with database admin passwords and API keys written in plain text. When I asked him about it, he said it saved time during incident response because he didn't want to look up credentials every time. Look, I get speed matters during a breach, but that's like leaving your house key under the mat AND telling the whole neighborhood. I've been in ops for about 7 years and I use a proper password manager with a quick copy shortcut for that exact situation. Has anyone else seen this kind of thing in real offices or am I just spoiled by better security habits?
2 comments
andrew718d ago
Walked into a buddy's small office last year and saw the IT guy had a whole row of passwords taped to the bottom of his keyboard tray. Like the really sensitive stuff, root passwords for servers and firewall admin logins. He said the same thing about speed during emergencies. I get it, we all want to move fast when something's on fire, but that's just asking for trouble. Found out later a temp worker took a photo of those sticky notes with his phone. Never did find out what happened with that.
8
thompson.tyler18d ago
A buddy of mine caught an intern at his company photographing a password sticky note near the server room.
0