Nick and Margaret: The Trouble with Our Trains is a BBC Two show featuring Nick Hewer and Margaret Mountford, who explore "the sorry state of the British rail network."
The dynamic duo's travels took them to the Wessex Integrated Control Centre, located above the platform entrances at London Waterloo railway station, manned 24 hours a day by teams of controllers from both South West Trains and Network Rail.
[The] documentary revealed more than it planned this week, exposing the passwords used at a rail control centre.
The article features a frame of the video which shows the complex login credentials taped to an LCD panel of a Windows XP terminal.
One might wonder if overstrict password policy brought this about, except obviously a strict password policy would not allow the password that is stickied to the monitor..
(Score: 2) by frojack on Monday May 04 2015, @11:46PM
Correction, there are a lot of security holes in SOME popular password safes. Others, not so bad.
But on windows, the clipboard is weak.
No, you are mistaken. I've always had this sig.
(Score: 2) by vux984 on Tuesday May 05 2015, @01:15AM
But on windows, the clipboard is weak.
I understand that it is a vulnerability. But I'm curious how the OSX, Android, iOS, or Linux etc clipboards are more secure than Windows?
A password manager that uses a separate non-clipboard and then is activated by a system hotkey to emit the password to the active application might work better. But it'll still fall prey to keylogging etc. So I'm not sure that accomplishes anything.
(Score: 0) by Anonymous Coward on Tuesday May 05 2015, @10:42AM
X11 has a feature that an application can secure the keyboard, so that keypresses are only sent to that single application, and none other. It seems to be rarely used for password prompts these days, though (actually the only programs that I know to activate it automatically for passwords are Emacs and locking screensavers, and the only program I know where you can enable it manually is xterm).
Of course that doesn't help against keyloggers that intercept the keyboard at a lower level; however it at least increases the difficulty (X11 keylogging can be done from the user account; I'm not sure that this is also possible for lower-level keylogging).