JP Vossen on 2 Oct 2008 12:57:58 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] eeePC partitioning suggestions

> Date: Thu, 2 Oct 2008 13:01:12 -0400
> From: Art Alexion <>
> On Thursday 02 October 2008 12:10:33 pm JP Vossen wrote:
>> Is there a chance you can get upper
>> management's support though?  
> I almost literally rolled on the floor laughing on that one.  They are the 
> worst offenders.

Sigh.  Unfortunate, but not surprising.  You already know this, but it 
bears repeating: document the issue and your objections for when things 
go wrong.

>> What I mean is, your users are going to write it down anyway, so don't
>> fight it.  Since the ID and password are different anyway, fine.  Give
>> them a laminated card with the UID, password and encryption password on
>> it.  Per upper management policy, *require* that the card be kept in
>> their wallet or on their key chain and never, ever, stored with the
>> laptop or left in the car, or elsewhere.  
> This is a really great idea.  It may not always work, but it is better than 
> any idea I have read or considered for solving this issue.

If you try it, *someone* is certainly going to knee-jerk and scream that 
you can't write passwords down, OMG, the sky is failing!!!  BS, you 
certainly can.  You just can't be stupid about it...  See:  And 
for more info and ammo.

>> You know your users and management better than I do, so I hope this is
>> useful or at least sparks some ideas...
> I really like the wallet card idea.  Instead of fear and threats, it is just 
> easy.  The people I work with respond better to easy than threats and fear.

Good thing I didn't mention the "chain the card to a cinder block so 
they *can't* keep it with the laptop" idea then.  Though admittedly that 
cuts into the portability idea a tad...  :-)  Though you might want to 
consider that for the unencrypted USB keys...

On a related note, the coolest solution sort of like this I heard was 
some hospital that used smartcards as physical ID.  Everyone had to have 
the ID with them to go anywhere, and the only way they could log in was 
to stick the card in a reader on each PC.  So no one could stay logged 
in if they weren't there.  Sadly that doesn't quite apply here, but it's 

Let us know how it works out,
JP Vossen, CISSP            |:::======|        jp{at}jpsdomain{dot}org
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --