34

We know that Gryffindor Tower uses a password system: one provides the password and is granted access. A non-Gryffindor using the wrong password may be against school rules, but is perfectly possible. Indeed, we frequently see Neville locked out because he has forgotten the all-important password. Yet, when Sir Cadogan lets Sirius Black in with the password, he is fired. Why?

Theory #1: he should have recognized Sirius Black. But why? If the portraits can recognize people, why are passwords used at all? Subsequent to this incident, Flitwick apparently taught the front doors to recognize Black, but no one mentions training the common room portraits.

Theory #2: he should have been suspicious that Sirius read the passwords off a sheet. And yet, the Fat Lady clearly witnessed Gryffindors telling each other the password and getting in. Further, Neville has been using a list of passwords for some time.

cag51
  • 422
  • 4
  • 10
  • 4
    If you're a security guard and a break-in happens when you're on duty then you could still be fired for not doing your job. You could say "I just followed procedure" but your boss might not see it that way. – The Dark Lord Apr 01 '19 at 10:54
  • 1
    I always just assumed it was because he let someone into the common room who wasn't a teacher or a student. Anyone who takes the portrait job should surely recognise all the teachers at least... –  Apr 01 '19 at 14:58
  • Sirius Black is a filthy, emaciated adult with a knife. Hogwarts has about 10 teachers, and he's not one of them and probably wouldn't be confused for a teacher. – AJFaraday Apr 03 '19 at 10:06

3 Answers3

46

It may have been his fault.

Sirius Black was able to gain entry to the common room by using a stolen list of passwords. But why would someone have such a list? We are actually told why, earlier in the story back in Chapter Twelve:

"I've lost the passwords!" Neville told them miserably. "I made him tell me what passwords he was going to use this week, because he keeps changing them, and now I don't know what I've done with them!"

We see that Neville only had to write down the passwords because Sir Cadogan continually changed them. Under a regular portrait's reign, a single password could be operative for weeks at a time. For example, in Goblet of Fire the password at the beginning of the term was "balderdash", and that was still the password several months later in December. From Chapter Twelve:

"Password?" she said as they approached.

"Balderdash," said George, "a prefect downstairs told me."

Then in Chapter Twenty-One:

The start of December brought wind and sleet to Hogwarts.

"Wonder where she's got to?" Ron said as he and Harry went back to Gryffindor Tower.

"Dunno . . . balderdash."

But the Fat Lady had barely begun to swing forward when the sound of racing feet behind them announced Hermione's arrival.

Thus, it could be argued that Sir Cadogan was principally to blame for the break-in. Had he not had such deviant password policies Neville would have never had to write the passwords down, so Sirius would never have been able to gain entry to the common room with a stolen list.

Alex
  • 44,709
  • 7
  • 159
  • 202
  • 65
    Amusingly, this is a problem that Muggles have solved. NIST recommends not rotating passwords at arbitrary intervals, and instead to only change them when there is reason to believe they may be compromised, because it encourages users to resort to insecure practices in order to remember them - such as writing them all down on an easily-misplaced piece of paper... – anaximander Apr 01 '19 at 12:05
  • 7
    From that quote, it also seems he was the one who told someone all the passwords he was going to use for a week, while knowing that person wouldn't remember them. In other words, he practically encouraged someone to write them all down. If that's not bad security practice... – Jasper Apr 01 '19 at 13:09
  • 6
    @anaximander: Meh, my Muggle company's password policy is still to change them quaterly :/ – Matthieu M. Apr 01 '19 at 13:34
  • @anacimander Interesting comment. Can you provide a link elaborating on that NIST recommendation? – Barranka Apr 01 '19 at 15:09
  • Nice answer, hadn't considered that he was fired for generally being bad at his job, which led to this incident, rather than for this incident in isolation. – cag51 Apr 01 '19 at 15:59
  • 6
    @cag51 Maybe this deserves mention in the answer itself, but if you look at McGonagall's reaction, once Sir Cadogan said that Sirius had the passwords she did not further rebuke him. Instead she went after Neville for writing them down. This perhaps indicates that she agreed that Sir Cadogan hadn't done anything wrong by letting Sirius in. – Alex Apr 01 '19 at 16:05
  • 7
    @Barranka Digital Identity Guidelines: Authentication and Lifecycle Management – Kapler Apr 01 '19 at 18:02
  • Not explicitly mentioned in the answer, but strongly related: Sir Cadogan giving the passwords to Neville surely violates some policy… – wrtlprnft Apr 01 '19 at 18:27
  • @wrtlprnft https://scifi.stackexchange.com/q/208320/100430 – Alex Apr 01 '19 at 18:29
  • 2
    Security at the expense of usability comes at the expense of security - that's a StackExchange idiom – Harper - Reinstate Monica Apr 01 '19 at 23:01
  • @Harper That link is tripping the adult content filters at my university. You might want to consider finding a copy on a different hosting service, if such a thing exists anywhere, or rehosting it somewhere more safe if it's yours. – nick012000 Apr 02 '19 at 05:54
  • 2
    @nick012000 he should have linked: AviD's Tenet of Usability (in that answer he calls it "rule" but in this answer he refers to it as "tenet" which I prefer) – Baldrickk Apr 02 '19 at 13:50
  • @nick012000 I myself get a Cloudflare "are you part of a DDOS?" challenge, are you seeing that maybe? It is the guy's personal domain, and he is in security... so maybe vengeful hackers once put porn there, or falsely added him to whatever porn list your university outsources, or your university is nuts? Anyway you should tell your IT department because whatever list he's on is a bad one. – Harper - Reinstate Monica Apr 02 '19 at 15:55
  • @wrtlprnft: It surely would break some policy in a real-world school today — but in the kind of schools Hogwarts is based on (e.g. early–mid 20th century British public schools), I think that’s much less likely. Historically that sort of thing was much more likely to be handled by personal discretion than by so many regulations or procedures. – PLL Apr 02 '19 at 16:17
31

Sir Cadogan likely wasn’t fired for Sirius.

Though Professor McGonagall did question him about if he let Sirius in, she only seemed upset with Sir Cadogan when she thought he let Sirius in without the password. After she learned that Sirius did have the passwords, she was instead angry at the student who wrote them down, Neville Longbottom.

“Sir Cadogan, did you just let a man enter Gryffindor Tower?’

‘Certainly, good lady!’ cried Sir Cadogan.

There was a stunned silence, both inside and outside the common room.

‘You – you did?’ said Professor McGonagall. ‘But – but the password!’

‘He had ’em!’ said Sir Cadogan proudly. ‘Had the whole week’s, my lady! Read ’em off a little piece of paper!’

Professor McGonagall pulled herself back through the portrait hole to face the stunned crowd. She was white as chalk.

‘Which person,’ she said, her voice shaking, ‘which abysmally foolish person wrote down this week’s passwords and left them lying around?’

There was utter silence, broken by the smallest of terrified squeaks. Neville Longbottom, trembling from head to fluffy-slippered toes, raised his hand slowly into the air.”
- Harry Potter and the Prisoner of Azkaban, Chapter 13 (Gryffindor versus Ravenclaw)

After that, it’s clear that Neville is the one Professor McGonagall faults for Sirius being able to break in. Neville is punished severely, and isn’t allowed to know the passwords.

“Neville was in total disgrace. Professor McGonagall was so furious with him she had banned him from all future Hogsmeade visits, given him a detention and forbidden anyone to give him the password into the Tower. Poor Neville was forced to wait outside the common room every night for somebody to let him in, while the security trolls leered unpleasantly at him.”
- Harry Potter and the Prisoner of Azkaban, Chapter 14 (Snape’s Grudge)

It doesn’t seem like McGonagall considered Sirius being able to break in Sir Cadogan’s fault - he let Sirius in because he had the passwords. Instead, she placed the blame squarely on Neville for keeping a list of the passwords.

His post was probably always temporary.

Though Professor McGonagall was surprised to learn that Sir Cadogan let Sirius Black into Gryffindor Tower, the reason he was ‘fired’ may simply be because the Fat Lady was finished being restored, and therefore able to take her job back. Sir Cadogan being removed as the guard for Gryffindor Tower coincided with the Fat Lady being fully restored and returning to her job.

“Sir Cadogan had been sacked. His portrait had been taken back to its lonely landing on the seventh floor, and the Fat Lady was back. She had been expertly restored, but was still extremely nervous, and had only agreed to return to her job on condition that she was given extra protection.”
- Harry Potter and the Prisoner of Azkaban, Chapter 14 (Snape’s Grudge)

Sir Cadogan was never the optimal choice for Gryffindor Tower’s guard. When the Fat Lady was attacked, the only reason he got the job to begin with was because he was the only one who was willing to take it.

“The Fat Lady’s ripped canvas had been taken off the wall and replaced with the portrait of Sir Cadogan and his fat grey pony. Nobody was very happy about this. Sir Cadogan spent half his time challenging people to duels, and the rest thinking up ridiculously complicated passwords, which he changed at least twice a day.

‘He’s barking mad,’ said Seamus Finnigan angrily to Percy. ‘Can’t we get anyone else?’

‘None of the other pictures wanted the job,’ said Percy. ‘Frightened of what happened to the Fat Lady. Sir Cadogan was the only one brave enough to volunteer.”
- Harry Potter and the Prisoner of Azkaban, Chapter 9 (Grim Defeat)

Therefore, it seems highly likely that he was always going to be taken off the post once the Fat Lady was able and willing to return to her place guarding Gryffindor Tower.

Community
  • 1
Obsidia
  • 105,547
  • 18
  • 451
  • 493
  • 5
    I think I always read that passage as saying that she was brought back because he was fired rather than the reverse. – Alex Apr 01 '19 at 06:12
  • 2
    @Alex Agreed. It seems really very unlikely that Sir Cadogan's sacking and the Black break-in were unrelated or a coincidence. – The Dark Lord Apr 01 '19 at 10:56
  • There also was a mention of Sir Cadogan challenging every other student to duel. – TimSparrow Apr 01 '19 at 13:37
  • 1
    @TimSparrow That's included in the last quote. – Alex Apr 01 '19 at 14:47
  • +1. I'm not 100% convinced, but the reasoning is sound. – Harry Johnston Apr 01 '19 at 20:17
  • 1
    Agreed with this. A buffoon like Sir Cadogan would never have stayed long anyway. – Rand al'Thor Apr 02 '19 at 15:09
  • 5
    "Sacked" suggests being removed from a job for unsatisfactory performance, not simply because the agreed period is up or one's services are no longer needed. I figure that's in reference to his generally ridiculous behavior (see "nobody was very happy about this" and following). It certainly worked out well that the Fat Lady was able to resume around that time, but given her reluctance, a better door guard might have been asked to continue there somewhat longer. – aschepler Apr 02 '19 at 21:42
5

He shouldn't have given Neville the passwords in advance.

In fact, he probably shouldn't have given Neville the passwords at all; from what little we see of the Gryffindor common room's so-called security system it appears to be based around the Gryffindor prefects - the painting tells them the password, and they tell the other Gryffindors.

"Password?" she said as they approached.

"Balderdash," said George, "a prefect downstairs told me."

Community
  • 1
Harry Johnston
  • 17,843
  • 2
  • 50
  • 89