Have you seen the photo that’s been making the rounds on Twitter? It’s some important guy standing in the communications center of the World Cup that’s taking place in Brazil. On one of the huge screens behind him, we can see the password for the WiFi.
(By the way, it’s been a great tournament, so far!)
If you’ve been following us on Twitter and reading the Sticky Password blog, you may remember that something very similar happened at the Super Bowl. Local TV station CBS did a walk-through tour of the security facility and caught the password for the WiFi on camera.
So, is this a major security breach?
Not really. Sure, it sends the wrong message about security and good password practices, but it’s not really a big deal.
Mostly, it’s embarrassing to the organizers and the IT crowd.
It just go to show that the folks that set up the technology for events like this behave the same way as most people do at home. While we don’t recommend posting any passwords publicly, there are some differences between doing this at home and what happens in tech rooms like the ones in the picture.
At home, there are a limited number of people that need access to the WiFi and you probably never change the WiFi password. Once you’ve set up with the connections for all the family devices, you really don’t need to have the password out in the open. Your neighbors and the delivery guy don’t need to see your password!
At events like this, though, a lot of people need access to the WiFi. The most effective way of getting the password to them is to post it in an area where the most people will see it. Since the communications center is restricted to authorized individuals only, it makes logistical sense to post the passwords there. In addition, we wouldn’t be surprised to find out that the password was changed every day – which would be another reason for the need to post the password where people with a need-to-know would see it.
File under: don’t do this at home!
Anyway, you can bet that the password was changed right after this photo was tweeted. And, we’re pretty sure that the new password was immediately posted on the big board.
The next thing that happened was that everyone was told that there would be no more photo opportunities in the communications center.