Langskip | Panic Passwords


Posted on 2021-01-31

Misc

I've slowly started going through some older things I've written over the last few years. This is part of deblobbing my life and thinning out old emails that I no longer need to keep. Most things I've saved I don't really need, but every once in a while I find something I don't want to forget about.

Panic Passwords

Several years ago, when I was part of the security cohort for a former place of employment, I pushed the idea of using "panic passwords" for use when someone under duress logs in. I still really like this idea, though I haven't seen it in use anywhere. These days, most of the systems I work with use some kind of single sign-on system to handle authentication and then redirect the user back.

This is a surface area that most security teams don't touch, other than watching repeat incorrect login attempts.
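A minimal sketch of the panic-password login described above, added here as an illustration and not taken from any system the post mentions. The `Authenticator` class, its `enroll` and `login` methods, the PBKDF2 work factor and the in-memory `alerts` list (standing in for a pager or SIEM hook) are all assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


@dataclass
class Account:
    salt: bytes
    normal_hash: bytes
    panic_hash: bytes


@dataclass
class Authenticator:
    accounts: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)  # hypothetical alert sink

    def enroll(self, username: str, password: str, panic_password: str) -> None:
        if password == panic_password:
            raise ValueError("panic password must differ from the normal one")
        salt = os.urandom(16)
        self.accounts[username] = Account(
            salt, _hash(password, salt), _hash(panic_password, salt))

    def login(self, username: str, submitted: str) -> bool:
        acct = self.accounts.get(username)
        # Hash even for unknown users so response time does not reveal them.
        digest = _hash(submitted, acct.salt if acct else b"\x00" * 16)
        if acct is None:
            return False
        # Run both comparisons every time so timing does not show which matched.
        ok_normal = hmac.compare_digest(digest, acct.normal_hash)
        ok_panic = hmac.compare_digest(digest, acct.panic_hash)
        if ok_panic:
            # Raised out of band; nothing about it is returned to the caller.
            self.alerts.append(("duress", username))
        # Both passwords yield the same result, so the UI cannot differ.
        return ok_normal or ok_panic
```

The person at the keyboard sees an ordinary successful login either way; only the alert sink records which password was used.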

Specifically thinking about web apps, an alternative option could include something in the UI that users could interact with. It could also double as something that an intruder might interact with, thinking it does one thing, but they actually have just set off an alert.

In high school, two of my closest friends said they wanted to learn Morse code so they could talk in class while tapping their pencils/pens on their desks. At the time, I think I had two alternate ideas. I thought learning braille would help me better because I could read in the dark while developing photos. I also wanted to learn more (ASL) sign language. The way I remember it, I suggested sign language, but they thought it would draw too much attention. I don't know if they ever followed through, but I learned SOS. And while I don't agree with the political career of Jeremiah Denton at all, a side band communication could come in handy if I'm ever a POW on broadcast TV:

-/---/.-./-/..-/.-./.
