Wandering Thoughts archives

2008-01-25

A modest suggestion about test accounts

Here is a modest suggestion that has recently occurred to me:

Don't give your test accounts the same password as your regular account.

It's not that I'm all that worried about security issues; it's that I want to avoid accidentally logging in as one account when I'm trying for the other. With separate passwords, I have to make an absent-minded mistake with both the username and the password, instead of just the username, and I figure this improves my odds.

I have to admit that I've never actually made this mistake, but I have had times when I looked at the username just to make sure. I suspect that slower typists have fewer problems here because they think more about what they're typing; I wind up typing a lot of things more by reflex than by conscious thought, often including my usernames and passwords.

And for all that I'm rather casual about them, there are real security issues, especially if you have to test systems whose password handling you don't entirely trust. And there's an awful lot of things these days that will 'helpfully' remember access passwords for you so they can do things automatically the next time around.

sysadmin/TestAccountSuggestion written at 23:55:09; Add Comment


Page tools: See As Normal.
Search:
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.