Piccadilly Inc – Security Fail: Level 100. Are You Serious?
Piccadilly just forced my hand through my forehead from the facepalm I just did. A co-worker posted a picture of this notebook at a store and at first I thought it was a joke. The cover looked too official to be fake and I recognized the company name Piccadilly. I went over to their website, did a search on the word password and sure enough they have this product for sale.
The description of the product is something you might find in a training module of what not to do –
Designed with all web gurus in mind! The compact size and fun design make it easy for you to keep it in your desk, purse, or secret hiding place.
Web gurus must mean people who browse websites all the time but have very limited technology or basic security knowledge. Because if they were aware, those people would know writing down all your usernames/passwords and the websites they are for in a single notebook is a bad idea. Especially when that book is called Internet Password Logbook.
Gee, I wonder what’s in here?
It’s compact and easy to keep this treasure trove of accounts in your desk, purse or secret hiding places. Because there are no safer places to store the keys to your life and probably your business’ life than a desk or purse.
The pages in the notebook are nicely designed to give anyone everything they need to ruin someone’s day or life.
They have an alternate style too with a picture of a lock on it that will keep prying eyes away.
As a security professional I work every day educating, training, strategizing and helping companies and their employees, customers and partners be more secure. The number one No-No in any awareness course is DO NOT WRITE DOWN YOUR PASSWORDS, EVER. Yet, we have a company offering a very nice, quality notepad designed specifically to help people do the exact opposite.
When you think the world is making progress I see things like this and just shake my head. Can you imagine seeing someone like in the marketing photo below doing this?
Of all the notebooks and journals they sell, and I own many from Piccadilly, this one needs to be pulled off their site. The encouragement of this dangerous practice for an individual needs to be called out. People who would actually buy something like this have no clue, have blinders on to the world and are naive to the risks using the Internet brings. These are the types of people that become victims. Corporate level security training is and should be applicable to every level of someone’s life. Security risks don’t change when you go home. In most cases your home security risks are far greater than in your workplace because you do not have the protections and discipline in place as the office life does.
Piccadilly can’t be fully at fault, mostly though. I am sure someone made the decision to embrace and make a product for something people do anyway. If they are going to do it they might as well pay us for a product for them to do it in. $$$. Good marketing but not when it comes to security and the types of information they would put into this. Bank logins, business logins, email accounts, etc… They probably would put in credit card numbers and other highly sensitive information in one location. What happens if they lose it? Disaster.
There are online solutions for people to safely and securely store accounts, passwords and other sensitive information used online. I use LastPass. There is also 1Password I would recommend and several others if you look into it.
Regardless, writing that data down in a notebook is the worst option you could choose.
End of line.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.