I see no problem with it. Securing a room is a known problem, and relatively easy to do, particularly in a military base. You have physical locks and guards. If you know that the people who have access to the room should also be able to access that part of the network, the physical security secures the network.
The username and password, then, keep out people who don't have access to that room.
Even with the actual document photochopped out, the credentials could still show in a mirror or monitor. Or maybe soon we'll be able to recreate missing parts of images by analyzing the ambient light distributions in the rest of the photo...
Second option is rather unlikely, given how many unknowns you would be solving against (geometry of the scene, geometry of the not seen, incident light sources, camera response curve etc.) from comparatively very little data (a continuous signal that is sampled and heavily quantized to just 8 bits per channel).
Good point. We could reduce some of those unknowns by getting the original photograph (would have camera data in its metadata), and we could assume at least some of the light sources in the ceiling and through windows.
Yes you can limit the problem until we can get something useful out of the other end but it is very very hard. Here is one of the latest works on the topic: "Accidental pinhole and pinspeck cameras: revealing the scene outside the picture" (Torralba & Freeman).
Whoever put that up will be breached, which is not a pleasant experience. The level of dressing down will be aligned with the sensitivity of the environment the account is used for. In the case of MilFLIP, it's an Internet facing resource so there's nothing too serious.
Milflip's an Internet-based web site for military flight information, primarily approach processes for different places. If it's the same milflip it won't be too serious. The user guide is publicly available online[1], as is the site.
I would imagine that it covers the sort of disciplinary offences where one's commanding officer can impose some form of punishment or official reprimand without there needing to be a court martial. The US equivalent would be, I think, a Nonjudicial Punishment or Article 15.
Purely as an FYI, what Americans would refer to as a court-martial would also be a court-martial in the UK.
I would think it'd be closer to a mast/NJP (non-judicial punishment) where you basically get yelled at, get some sort of grunt duty (cleaning the latrine for a month?), maybe have a note in your file if the CO deems it severe enough.
As an aviator in the US military, I'm not surprised. This is common practice. The system in question is for public domain UK aviation charts and pubs. Many of the unclassified systems I use have the user and password taped to the monitor.
US military unclassified systems are a mess... a spaghetti bowl of disjoint networks, operating systems, hardware, desktop and Internet applications designed by a multitude of lowest bid government contractors with little sense for usability and often very poor technical skills.
There is a certain chance that this is not, in fact, an example of bad password management. This service ("MilFlip") could be an internal service on an internal, secure network (the kind of network that, if someone were to penetrate it, you have bigger fish to fry than keeping them out of "MilFlip") that just doesn't have a good way of turning passwords off - and, to be "secure", requires a non-simple password.
What if your netadmin makes you change it every three weeks?
Edit: Whoever downvoted me obviously undermines how quickly 'password lag' builds up if you're made to change your passwords often and forced to not use the last 3 or 5 passwords again.
Particularly for sites you only log into every few months. One-time passwords, with a 6-week lag between uses, require a password manager. Memory will not cut it.
And if you are nontechnical that means paper. I consulted a decade ago with a team that had ~5 systems like this. The office was awash in sticky notes. Sometimes security policies are a menace to actual security.
What else would you use? Biometrics are expensive, and far less secure than passwords in most instances. Besides, once you have that information, it will get converted to a hash (same as a password) so you're really stuck with the same problem from a hacking point of view. And once somebody figures out the rainbow table for your retina, what are you supposed to do, change your retina?
Two factor auth is really the best way, and although it's kludgy, it provides the best protection. And it includes a password.
Some implementations are, but the concept is sound and can work smoothly. Your second factor could be a smart card or a USB dongle that's simply plugged in. Like an ATM, especially European ones.
Wouldn't it be cool if the second factor was something that was passive on your part? Something like an NFC on your phone, where the NFC "bubble" is boosted just enough that you don't need to pull it out of your pocket but isn't too large.
No, that's a bad idea. Requiring a positive action is better than passively scanning.
One of the big problems with automated online systems is that the user often has no chance to notice that something is going wrong. Giving them a chance to notice anomalies improves security.
E.g. I'll know if my house is broken into, unless it's done by the very best (funded). OTOH someone could be copying my hard drive as we speak, and in many cases I'd have no idea.
you do realize this is the ministry of defense, right? they have budget and need. a clear cut case for better security needs than almost anyone. and they also have a history of saying "damn the usability" in the pursuit of their security goals.
some open source projects have better security, it seems, than the MOD. wtf? talk about an asymmetric world.
hardware tokens and/or biometrics (depending on the system they need access to). soft tokens (e.g. mobile devices) for low-sensitivity systems. widely available COTS laptops have fingerprint scanners, ffs.
given the nature of the work the system shouldn't be compromisable if a picture of a password gets out, which is suggested in this case. (the fact that it was written down suggests other failings, yes, in all sorts of areas.) your objections (cost, usability, etc), in this case, are pretty weak when you consider the sensitivity of the assets being protected.
soft token-based two factor auth is a growing commodity. key-based auth is commonplace now, and is recognized as strong. finally USB-tokens are also COTS at this point. given that a major government agency which supposedly knows a lot about security got hosed by this, i would expect the market to lag, not lead, security practices.
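The "soft token-based two factor auth" the comment above refers to, and the earlier point that two-factor still "includes a password", can be shown concretely with a server-side TOTP check (RFC 6238, the scheme behind phone authenticator apps) sitting beside a salted password hash. This is an added example, not code from any system named in this thread: the function names are mine, the secret is the public RFC 4226/6238 test key (used only because its expected codes are published; a real deployment generates a fresh random secret per user), and the password is constructed. Note what a written-down password no longer buys on its own: without the current code from the token, and with already-used codes refused, a photographed password is not enough to log in.

```python
"""Soft-token second factor (TOTP, RFC 6238) beside a password check.

Added example for this thread, not code from any system discussed in it.
The secret below is the RFC 4226/6238 test key, chosen only because its
expected codes are published; a real system generates a random secret per
user (e.g. secrets.token_bytes(20)) and stores it server-side.
"""
import base64
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

# Constructed: the public RFC 4226 test secret, base32-encoded the way
# authenticator apps expect it. Not a real credential.
DEMO_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then reduce to the requested number of digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    secret = base64.b32decode(secret_b32.upper())
    return hotp(secret, now // step, digits)


def verify_totp(secret_b32: str, submitted: str, now: int,
                last_counter: int, window: int = 1,
                step: int = 30) -> Tuple[bool, Optional[int]]:
    """Server-side check. Accepts a code from the current step or up to
    `window` steps either side (clock drift), compares in constant time,
    and refuses any counter at or below the last one already accepted so
    a code that was seen once cannot be replayed.
    Returns (accepted, counter_to_store)."""
    secret = base64.b32decode(secret_b32.upper())
    current = now // step
    for counter in range(current - window, current + window + 1):
        if counter <= last_counter:
            continue  # this step was already consumed: replay
        if hmac.compare_digest(hotp(secret, counter), submitted):
            return True, counter
    return False, None


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash for the stored password (the first factor)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def login(stored_salt: bytes, stored_hash: bytes, secret_b32: str,
          last_counter: int, password: str, code: str,
          now: int) -> Tuple[bool, int]:
    """Both factors must pass. Both checks always run, so a wrong
    password does not reveal whether the code was right, and the stored
    TOTP counter advances only on a successful login."""
    pw_ok = hmac.compare_digest(hash_password(password, stored_salt), stored_hash)
    code_ok, counter = verify_totp(secret_b32, code, now, last_counter)
    if pw_ok and code_ok:
        return True, counter
    return False, last_counter


if __name__ == "__main__":
    salt = os.urandom(16)
    pw_hash = hash_password("correct horse battery staple", salt)  # constructed
    code = totp(DEMO_SECRET_B32, 59)      # what the user's app shows at t=59
    print("code at t=59:", code)          # 287082 for the RFC test key
    print(login(salt, pw_hash, DEMO_SECRET_B32, -1,
                "correct horse battery staple", code, 59))   # (True, 1)
    print(login(salt, pw_hash, DEMO_SECRET_B32, 1,
                "correct horse battery staple", code, 60))   # replay: (False, 1)
```

The replay guard (`last_counter`) is the part most often left out of home-grown implementations; without it, a code glimpsed over a shoulder stays valid for the rest of its 30-second step plus the drift window.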
Laptop fingerprint scanners usually work by just storing the Windows password in the registry (under reversible encryption). I'm not sure that's really a security enhancement.
And every one of your examples uses passwords in conjunction with a second factor, or uses biometrics which is a heavily flawed idea as I previously pointed out. Your answer does not support the comment you originally made. You're fighting windmills brother.
see, i don't think i am "fighting windmills", as you can guess, and here's why. the implication of having to change passwords due to this photo is that the only thing between an outsider and the inside was a password. my original comment was that no one had yet questioned the viability of passwords. not a one! so far it has just been "oh, i would have gotten shitcanned for that, lucky him he's a royal" and "oops!" no one on the esteemed HN had spoken up that holy crap passwords.
while my job in infosec isn't related to AAA i know that better stuff exists and that it's in budget and applicable here. i offered some ideas, you offer up criticisms, but i'm still wondering how no one had spoken up about the crappiness of it being 2012 and we still rely on passwords.
I've got some better advice. Don't stick passwords to the wall (or monitor) in the first place!