Sometimes all it takes is an hour in the airport to rethink things

On Friday I traveled from Seattle to the other coast for my brother’s college graduation. While in another aiport along the way (stupid layovers ;)) I heard a conversation that made the whole stop worthwhile.

Our flight was late, and it was one of those little puddle jumpers. Most of the travelers were traveling for business (it’s always quite obvious now isn’t it) and were pretty annoyed that they would be late to dinners and such that were planned. The guy next to me wasn’t annoyed so much as concerned that he had something to do for work. He and I were chatting some and he said he had a document to send off, and was annoyed that it would not be sent until too late to be of interest.

So standing next to me he proceeds to make a phone call. I usually stand in airports and either read or do work, but for some reason I was just spacing out that day, just looking out the window and enjoying the sunshine. I overheard bits and pieces of what he said, and I just had to share what I heard.
Of course, I only heard one half of the conversation, but here’s what I heard (making up a name, since I have no idea what his real name is):
“Hi, it’s Bob. I’m stuck in the airport….yes I know, frustrating. So I need to send a document out, would you mind doing it for me?”
“Great, go in to my office, you should have the key. Let me know when you’re there.”
“Ok great. So please go to my computer, and log on. My username is XXXXX and my password is YYYYY. Working?”
“Ah great. So in my documents, find <doc name I didn't pay attention to>. Ok, so let’s open Outlook. Go ahead and open a new email, and attach the document to it”

From there, I ran to a seat to type this up before I forgot the details. :)

So long as people do that with their username/password, there’s nothing we can do in the security world to protect people. Perhaps we need to spend more time helping users deploy systems in a way that lets them get what they need done, and not in a way that protects them in ways that encourage them to share their usernames/passwords.