Best Buy's surprisingly insecure approach to new PC setup

JMH · May 18, 2012

A basic rule of password-based security is "don't write down your password." A second rule might be "don't train people to write down passwords." And a third rule, which few follow, is "don't adopt password policies that lead to people writing their passwords down" (over-aggressive change requirements often have this effect, for instance).

Best Buy hasn't received the memo, apparently. This past Friday I came in contact with a surprisingly bad password policy in action as I shopped with my brother for his new computer in Scottsdale, Arizona. He had settled on an HP Windows 7 machine and was in the process of paying for it when a Best Buy employee handed him an 8.5” by 11” sheet of paper labeled “PC Recommendation Worksheet.”

http://arstechnica.com/security/2012/05/best-buy-collecting-email-passwords/

Search

Search

Best Buy's surprisingly insecure approach to new PC setup

JMH

Emeritus, Contributor