Today I was visiting a friends office and like many offices in NYC they have a shared bathroom in the hall for the entire floor. In this building it had five buttons on the door that when pressed in the correct order unlocked the door. A simple password.
In our office we have a similarly shared bathroom, but instead of a password, we have a physical key required to unlock the door.
A password for the bathroom was just the right amount of security. It prevented just any stranger from easily accessing the bathroom, but wasn’t inconvenient and easy to provide access to. My friend simply told me the password and I as a visitor had all I needed to enter. It was the right amount of security for the right purpose.
Our physical key certainly provides a higher level of security, but with additional inconvenience. Physical keys hang next to our door which is easy enough, but what happens when someone took the key into the bathroom, or home with them. The solution is for everyone to make their own copy which is excessive and unnecessary for a bathroom.
If our expensive merchandise was stored in a room, would we use a password to guard it. Never, wouldn’t think twice about it, we would have multiple security measures in place (and do at Portero Luxury). Keys, codes and surveillance.
In our increasingly electronic world how many times are you using passwords for sensitive data when a key (or key + alarm + password + …) is appropriate. Or even worse, how many places share the same password. Is your email and bank password the same? If someone had access to your email address & password from a single site how much could they access? what damage could they do?
For those that claim they choose insecure over inconvenient I say to you why choose. You can have both secure and convenient. Excellent tools exist to fix this problem, whether it is server (SSH keys) or browser 1 password (mac) or KeePass (win).