NationStates Jolt Archive


Passwords: Who is Most Responsible?

Tamarket
11-10-2004, 13:40
If someone gives out their password, and not change it for over a year, and someone else gets into their account, whose fault is it?

I think it`s the fault of the one who gave out the password. If they are that dumb, they are just asking for trouble.

For example, if a policeman doesn`t stop a mugging in progress, despite being present and being capable of stopping it, is he responsible? After all, to uphold the law is his job and responsibility. If he arrives after the mugger has beat up his victim, is that good enough? If he could have stopped it before the victim was hurt, why did he only do it afterwards?

The one who gave out his own password started the chain of events leading to his account being abused.

The person who abused the password was person C. Person A gave it to person B, who gave it to person C.

You should always be careful that if you give out your password to one person, it may not stay that way for long because of the Internet and near-instant communications.

IMO, once you give out your password, you immediately forfeit all rights to your account.

Person A never told person B not to give out the password.

If the admins don`t check the IPs of successful logins, only the IPs of suspicious posts, then they are missing out on 90% of successful logins.

Some forums tell you `There have been X number of unsuccessful attempts to log in since your last login.`

With person A, if that was available, it would say `There has been 1 unsuccessful attempt to log in since your last login, and that was due to an incorrect spelling.`

It got to the point where persons D through M were spreading rumours about person A`s password, and they were all correct.

The one whose account I got into should thank the one who broke in - now no one else can abuse his account.
The Irken Peoples
11-10-2004, 13:52
The person that gave it out is resonsible for violating security policy and is therefore responsible for the actions of the person using it, who is the actual one who cracked the account.

I dunno, to be honest, I'm sick and tired of passwords. I have over twenty (that's right, 20+) seperate passwords and codes I use at the workplace on a regular basis, all of which have to be memorized, not written down, and different from one another.

Oh, and changed every 30 days!

*sigh*
-Bretonia-
11-10-2004, 13:52
The person who gave out his or her password is just stupid and deserves everything he or she gets. But the person (or people) who abused this password are also responsible because they shouldn't be such jerks in the first place. I would say they're both at fault.
By the same logic, that would be like saying if you forget to lock your door or shut a window, the burglar is not to blame for the ensuing robbery.

EDIT = I just accidentally voted 'unsure', so you can count one unsure vote as 'both equally responsible'...
Sydenia
11-10-2004, 16:12
"The one who gave out His Own Password"
"The one who gave it to the Other Person"

Aren't those the same answer, basically?

I'm going to go with the person who the password didn't belong to. It was careless to give out the password, as it would be careless for me to place a valuable item on the table of a busy restaurant, and then go to the bathroom leaving it unattended.

What that said, careless != theft.

Yes, giving out the password makes it easier for them to get into the account. However, that doesn't change the fact that they had no business going in to the account in the first place; anymore than someone has the right to steal a valuable object if I leave it unattended.

There are plenty of reasons people give out their passwords (social engineering, need help with account, need something done or checked while they are away). None of these, bar perhaps just handing the account willingly to the other person, would put the two people on the same level of responsibility in my mind.

That's just me.
TheOneRule
11-10-2004, 16:16
If a police officer does not stop a mugging in progress, he is by no means responsible for the actions of said mugger. He is responsible for not stopping a crime when he could have been able to, but that does not aleviate the responsiblility of the mugger.

That would be like saying that because the police officer didin't do anything, he caused the mugger to commit the crime.

If a person gave out his password, he is responsible for any harm done to him because of that. The person doing harm is also, equally responsible for doing the harm. If a person gave out his password, it doesn't give anyone a right to harm them.
Tamarket
20-10-2004, 03:37
"The one who gave out His Own Password"
"The one who gave it to the Other Person"

Aren't those the same answer, basically?

Sorry, I should have made it clearer. Person A is the one who gave it out in the first place, and person B is the one who gave it to person C.

I'm going to go with the person who the password didn't belong to. It was careless to give out the password, as it would be careless for me to place a valuable item on the table of a busy restaurant, and then go to the bathroom leaving it unattended.

What that said, careless != theft.

Yes, giving out the password makes it easier for them to get into the account. However, that doesn't change the fact that they had no business going in to the account in the first place; anymore than someone has the right to steal a valuable object if I leave it unattended.

There is a difference between accidentally leaving something on a table out of carelessness nand giving out your car keys or your passwords deliberately.

There are plenty of reasons people give out their passwords (social engineering, need help with account, need something done or checked while they are away). None of these, bar perhaps just handing the account willingly to the other person, would put the two people on the same level of responsibility in my mind.

That's just me.

Even if that's the case, the password should be changed immediately afterwards. Anything else is plain stupid and careless.

If a police officer does not stop a mugging in progress, he is by no means responsible for the actions of said mugger. He is responsible for not stopping a crime when he could have been able to, but that does not aleviate the responsiblility of the mugger.

That would be like saying that because the police officer didin't do anything, he caused the mugger to commit the crime.

So? The policeman would be guilty through omission if he did nothing to stop the mugging.

If a person gave out his password, he is responsible for any harm done to him because of that. The person doing harm is also, equally responsible for doing the harm. If a person gave out his password, it doesn't give anyone a right to harm them.

Maybe so, but the owner of the account would get 100% of the blame in schools and corporations if he gave out his password and someone got into his account.
Stephistan
20-10-2004, 04:43
Nationstates policy.. the person who gave out their password. Too bad so sad.
Moonshine
20-10-2004, 05:08
Your account.
Your password.
Your responsibility.
That is how it works in the world.

If you work for a store and have a password to get into the EPOS systems, and you give it out - then someone steals 100k from the store - that is your fault.

This is why you should never give out a password. To anybody. Yes, not even your own mother.
Tamarket
20-10-2004, 06:08
Nationstates policy.. the person who gave out their password. Too bad so sad.

Cool. So what would happen if a moderator's account was broken into (as happened on another website)? Would they have a new account made for them or would they be permanently kicked off the team?

Your account.
Your password.
Your responsibility.
That is how it works in the world.

If you work for a store and have a password to get into the EPOS systems, and you give it out - then someone steals 100k from the store - that is your fault.

This is why you should never give out a password. To anybody. Yes, not even your own mother.

I agree. The person who gave it out didn't give it to a family member. It's more likely that he gave it out to his lover. :fluffle: :eek: :D