Password Management For Escape Room Companies & Individuals

18 September 2016

3 minutes

Information security and operational security are issues near and dear to my heart.

When I am not escaping rooms, I do digital strategy and user experience work for large web applications. I have designed some life or death systems.

Whether you’re dealing with a major organization’s mission critical software or an individual on the internet, basic password security is important.

A black & white closeup drawing of a computer keyboard.

Passwords & escape room companies

At the Chicago Room Escape Conference, Dave Ferrier of Trapped PHL gave a talk on the “nuts and bolts” of running an escape room. He dropped a ton of knowledge on the audience in a very informative talk.

One issue he raised, which I hadn’t even contemplated, was the volume of usernames and passwords that a room escape company needs to operate the business:

Email
Facebook
Twitter
Instagram
Pinterest
Website administration
Ticketing system
Groupon / Livingsocial / other marketing platforms
Payroll system

Among many others.

He recommended that companies maintain a Google Doc with all of their accounts, usernames, and passwords.

I loved his talk and his point was well taken… but the recommendation to use Google Docs broke my heart. I don’t blame him; account security isn’t common knowledge. I regularly have to teach people who should know better about this stuff.

Storing account credentials unencrypted is never safe.

Why password security matters

“Hacking” isn’t generally what Hollywood portrays: the nerdy guy or the tattooed punkish sexy geek girl clacking away on a computer in a monitor-lit room, then saying “I’m in!”

Yeah, that shit is fake.

The easy way to do real damage and make money is through social engineering and exploiting leaked password data. This requires no technical skill and no code.

Here’s how it works:

Some asshat wants to seize an account and do some bad stuff (make fraudulent purchases, add a computer to a botnet, steal naked selfies, whatever…). All this nefarious putz needs to do is get their hands on one good username and password combination and they can generally own all of their victim’s systems.

Why? The tragic magic of password reuse.

Far too many people reuse passwords. When a major password leak happens — and they happen all of the time — these criminals can grab username/ password combinations and try them in other accounts. This works because the username/ password that many users use in Dropbox is the same as their Amazon or Gmail credentials.

As soon as a set of credentials works on an email account, the whole ballgame is over. They can reset passwords on your other accounts because password resets filter through email.

How to properly handle password security

First, stop reusing passwords. Every account you own should have a unique password.

But how are you supposed to remember all of this? Easy. You don’t.

Get yourself a password management system. I recommend:

These are systems that will generate large, random, alphanumeric, symboled passwords… and store them for you. As LastPass & 1Password’s names imply, you only need to remember one password to gain access to the system.

These things will allow you to:

greatly diminish the risks of password reuse
store your passwords in an encrypted format
privately share passwords with people who need access
allow easy access on desktop and mobile

They offer a lot of additional benefits. I use LastPass and 1Password (work and personal), and they are the best investment I’ve made in paid software (something like $12 a year).

LifeHacker has a great writeup of password management software. They also offer a superb starter’s guide for LastPass.

It’s really important that your password for your password management software is really good.

Please, take the time to handle your passwords properly.

Practice safe computing.

3 responses to “Password Management For Escape Room Companies & Individuals”

Lloyd Hill

September 19, 2016 at 6:49 pm

Chicago Escape Room Conference had so many problems, it unbelievable that a professional conference promotion company could produce so many mistakes. I have been to at least dozen conferences and this one was a mess. The following reasons: 1) Almost every room conference ran out of the outlines…signed a sheet with email address and have never received one outline. They knew that they were
short after the first room ran out and make no effort to print more at the local copy store. 2) To many competing lectures at the same times. 3) Asking people to leave a room where they had just done a lecture. Then go back outside and get in line to do the next lecture (stupid idea) and extremely difficult for the handicap like myself. I finally just refused… then it was ok. 4) The lectures were to short to cover the amount of information that was being imparted. 5) Allowing questions during the lecture and taking up so much time that they always rushed the end. One lecturer just skipped the entire end saying ” I already covered the material in a earlier lecture so I’m just going to skip it.” Well I wasn’t in that lecture…thanks a lot. Questions should be held until the very end or after the lecture. 6) The conference company didn’t allow time for people to visit the vendors on the floor by scheduling nearly all the lectures during show hours. Having talked to most of the vendors, some were very dissatified. If I had been a vendor, I would have asked for a discount or my entire money back. Totaly poor professionalism in my opinion. 7) Lunch hour was scheduled at the same time as the lectures or allowing only 15 minutes at most between lecture starts. The line to get lunch were extremely long and slow, many people had to leave without eating. One day we sat in a restaurant for 25 minutes before anyone waited on us… the wait time to get food was 30 to 45 minutes.
8) From my understanding from talking to the conference employees that they do conferences all over the country and are a professional conference company.
I like the idea of a Escape Room Conference and received a few tips from some of the lecturers. However, about half to two-thirds of the attendees were new to the Escape Room Business, either just opened or planning on opening in the near future their own escape room business. The negativity and elitism of some of the speakers, expounding that they should give up and find something else to do since they could not compete, unless they were willing to spent a million dollars on their escape room business. This elitism and negativity was possibly disheartening for many and not true. This information basically came from the escape rooms in Canada, which is a very competitive market and information like “there will only 3 to 5 companies left in their city with just a few years and will cost millions to remain competitive in their market.” However, we don’t care about Canada since most of the attendee’s were from the USA. I believe this lecture was a way to discourage people from coming to Canada to open another competing room and discouraging them from opening a escape room business at all. I don’t believe that what this conference was to be about…. It certainly seemed like that to me. It cost me and my son about $3,000. 00 each. We came and experienced this conference and left with a bad taste in our mouths. We didn’t come to experience the above 8 problems. I think that an Escape Room Conference could be a wonderful and should be wonderful but properly scheduled lectures that don’t totally have conflicting times and starting exactly at the time one ends and the other starts. More time to visit the vendor floor without skipping lectures. Also allowing for lunch with one lecture ending 15 to 30 minutes into the lunch time allotted and the other starting 15 minutes later during lunch.
I hope a more compentent conference company does the one in Buffalo, N.Y. or this one makes the above changes. I won’t support this conference by going and being treated as poorly and unprofessionally as I way as this Chicago conferencee if no changes are made. This professionalism no just a money grab.

Reply
1. David Spira
  
  September 20, 2016 at 8:51 pm
  
  Hi Lloyd. There’s a lot to unpack here, and I cannot speak to most of it as this was not my conference, and I had a very different set of experiences (I think because I was there under very different circumstances).
  
  I wrote a longer post on my thoughts (positive and negative) about the Chicago Conference: https://roomescapeartist.com/2016/08/24/thoughts-on-the-chicago-room-escape-conference/ I’m not going to repeat anything I wrote there.
  
  The Toronto market is very dense and competitive. I do think that it is a fair representation of crowded escape room markets. While I do think that the circumstances are different from market to market, I wouldn’t entirely write off that discussion. There are legitimate concerns about the longterm viability of so many escape room companies.
  
  All of that said, you aren’t the first person to tell me that they felt frustrated and discouraged by some of the speakers. I do think that both the encouraging and discouraging messages are important. Starting one of these companies is a major financial investment, and the competition is rapidly increasing and becoming increasingly tough.
  
  I think that the discouraging talks are important because there will eventually be a retraction in the room escape market. The boom that we are currently experiencing cannot continue forever. https://roomescapeartist.com/2016/06/26/two-years-of-room-escapes-the-growth-of-the-us-market/
  
  I’ll also agree that while Transworld has put on a ton of conferences, this was their first real foray into Room Escapes. I know that there were plenty of lessons learned, and there are plans for further iteration.
  
  While I know that I cannot change the experience that you had, I do hope that this perspective is helpful. Thank you for reading, and thank you for sharing. I will make sure that the folks from Transworld see your concerns.
  
  Reply
2. Rich Bianco
  
  September 21, 2016 at 8:06 pm
  
  Hello Lloyd,
  First let me start by apologizing for the bad experiences you had. I don’t want to make any excuses, id prefer to get your feedback and try my best to improve on these issues for the next show. I would appreciate if you had time to talk so we could go over all of your concerns and let you know how we plan to address them at the next show. A lot of these things have been addressed already but Id like to talk to you about them. Your feedback and every attendees feedback is very much appreciated. Please feel free to contact me as soon as possible. If you could email me your phone number I would be happy to call you. You can email me at rich@haashow.com or just call me at 412-812-1773. Both Jen and I would like to hear from you.
  Thanks so much,
  Rich Bianco
  
  Reply

🖋️ Author

Written by

David Spira

Co-Founder of Room Escape Artist & Co-Host of Reality Escape Pod. David conceived of Room Escape Artist because he saw the potential of this new entertainment medium back in 2014. From the start, he applied his professional skills as a digital experience designer to the burgeoning industry of escape rooms. David is full of ideas: from in-depth research pieces to new content types… like cute animals solving puzzles. He is always pushing REA to try new things, take risks, and be something more.

Room Escape Artist