Do you want to know my password?
If you answered yes, sorry to disappoint, but I can’t share it. To share a password is to share a secret, and sharing a secret means… well, it’s not a secret!
Most people know that sharing your password is a bad idea. It would be the equivalent of locking the front door of your house, but giving everyone in the world a key to open it… what would be the point?
Official government advice from the National Cyber Security Centre (NCSC) makes it very clear, DON’T SHARE YOUR PASSWORD WITH ANYONE!
The NCSC’s password guidance states:
You should never allow password sharing between users. Sharing accounts, or even occasional use by anyone other than the account holder, negates the benefit of authenticating a specific user. In particular, the ability to audit and monitor a specific user’s actions is lost.
That’s pretty clear (and common) advice.
The madness begins…
So, imagine the internets surprise when a British MP, a member of the Houses of
Parliament Password Sharing tweeted this:
Nadine Dorries was tweeting in reference to the news report that another British MP, Damien Green, was being investigated for having porn on his Parliament computer. In the above tweet, it would appear Nadine is trying to defend Damien Green by suggesting it may not have been him who downloaded porn, as someone else could have used his PC with his login.
And it wasn’t just Nadine, other MPs waded in to admit the same bad practices:
If you read all the tweets that came after these revelations, it seems clear. Everyone was in disbelief that this was a thing, whilst the MPs scrambled to defended their statements.
In fact, Nadine even tried to suggest that the numerous InfoSec professionals advising her this was terrible practice were “Nasty Trolls”!
She also went as far as to suggest an MPs emails aren’t worth securing:
I’m not even going to get into the twitter battles that ensued. But, what I think is important is that the UK public be given re-assurances that MPs will be given appropriate training on basic Information Protection (and ensure it’s actually them logged into the computer when they are doing the training!)
Response of Twitter Folk
Here are some of the valid responses to this craziness…
Come Monday morning, the MPs were suspiciously quiet. Maybe that was partly due to the Information Commissioners Office tweeting:
And it wasn’t just the ICO. A spokesperson for the House of Commons told ZDNet:
“In common with other organisations, Parliament has a cyber security policy that applies to all users of its digital services, including Members, their staff and parliamentary staff. In line with good practice, this policy includes a requirement not to share passwords.”
This was a very twitter heavy post. But, the news broke on twitter, along with the reactions, so sorry for the number of tweets! This is the last one, promise…
All this because an MP was trying to defend another MP for having porn on their computer. The old saying “two wrongs don’t make a right” seems to be appropriate…