
[Image: two red parrots on a stick. Caption: Synchronization. Photo by Roi Dimor on Unsplash]

The Parrot

By Bruce Webber
Posted 2020-07-27 in humor


When faced with a problem, sometimes a radical solution is needed.

In our test environment we typically share login IDs. This makes it easy to have different IDs for different testing scenarios, and makes testing consistent. The question is: how should we share these IDs and passwords? Post them on sticky notes? Create a wiki page for them? None of these solutions are consistent with good security practices.

Our solution is a parrot. Specifically a parrot that, when hearing an ID, recites the associated password. This eliminates the sticky notes, the wiki pages, and the need to ask a co-worker for a password.

If you decide to follow this course, I recommend the following:

  • Test the parrot before purchasing it. You want a parrot that is reliable and consistent. For example, a parrot that sleeps a lot during working hours will prove to be more trouble than it's worth.
  • Don't get discouraged! It takes time to train a parrot to respond with the right passwords!
  • Provide a cage (ideally a dedicated room) for the parrot. If the parrot is allowed to fly freely it may be difficult to find it and retrieve a password. Also, I've never known a developer who likes seeing bird shit on their laptop.
  • Relocate the parrot during audits. An auditor may be surprised to hear a bird squawking security credentials. (This is another reason to have a dedicated room for the parrot.)
  • Purchase and train a second parrot as a backup, and periodically house the parrots together so they can exchange passwords. (This is called password synchronization.)

Implementing this solution can be challenging but rewarding. Feel free to contact me with questions, or take a look at the many resources available on the web. There are online courses and even certifications. I am proud to be a CSPS: a Certified Security Parrot Specialist. (See my resume.)

  • Contact: self@brucewebber.us