The Password Wars

My mom is very upset.

Her network administrator at work is starting to enforce standardized usernames and complex passwords. This is a new frontier for Mom. The rest of us have been dealing with this for the last 10 years, but Mom works for a school and is therefore a bit behind.

"I can't remember my new username, so I have it written on a card that sits on my computer in the classroom."

I cringe more than a little when I hear this.

"And what's worse is the IT department says in the fall, I must change my password to something that includes lower and capital letters as well as numbers and symbols. I won't be able to remember that either, so it will join my username on the card."

I bite my tongue.

"How is this more secure?!?"

"It's not, Mom. You should try to make it something you can remember, then add numbers at the end or something."

I offer a few suggestions, all of which she declines.

I'm not sure what you'd do if your users kept their login information on a note on their keyboards, but I can tell you what I did.

I had a user who refused to learn her username and password. She kept it on a sticky note on her keyboard, just like Mom. I often spoke with her about not leaving it out in the open, but every morning, there it would be. I finally decided to have some fun...

I would change her password. Not in the system, but on the sticky note. L's would become 1's, O's became 0's, etc. She would then try the modified password until her account would automatically lock itself. Then she'd call me.

User: My account is locked again!
Me: Did you write down your password?
User: Of course. I can't remember that silly thing!
Me: But when you write your password down, the system locks your account, remember?
User: What? Oh, yeah! I forgot the monitor can see me...

Mom thinks this type of behavior is all my fault. She asked me to have a talk with all the other network administrators. She says we're being unnecessarily difficult, and is putting us in timeout.

"You all sit in the corner, and think about what you've done!"


Who's right? The IT folks or the users?


Comments (19)

I don't know who is right and I don't want to get in the middle of it. What I do want to do is point out how funny your exchange with the user was. That was quality comedy.
1 reply · active less than 1 minute ago
Thanks!

That user is what started me writing the Network Administrator Diaries. She provided some real doozies, believe me!
We don't have an IT person at my church, but we used to have a volunteer who previously worked IT. I happen to think IT people are a bit anal about stuff like this. But then again, I've never had to maintain and administer a network. Plus, there's not really any uber-sensitive data on the computers at our church. Hackers can steal all the sermon notes they want off our secretary's computer, and it won't bother us.
2 replies · active 722 weeks ago
Thanks for stopping by, Joe!

I actually happen to agree with you on the whole 'IT people are anal' bit. We do it here at work because we're federal contractors and are required to if we want to be paid.

The only thing I would differ with you on about sensitive data in a church setting would be donor's payment and personal info. My best friend is the network administrator at a church and that's the main thing he's concerned about protecting.
Touché on the personal info. We do keep that in a program on our secretary's computer. But, sadly, our financial stuff is still kept in literal books, not digital ones.
It's a user name and password, not the Gettysburg Address. Learn it.
1 reply · active 722 weeks ago
You make puppies cry.

"Four score and seven years ago our fathers brought forth upon this continent a new nation, conceived in liberty, dedicated to the proposition that all men are created equal."

Why can I remember this and not the grocery list?!?
Usernames are generally easy to remember. In business, they are almost always some component of your real name. If people were adequately trained on security and how easy it can be to put together a meme for your passwords, they might not complain so much.

Unfortunately, what most people know about computers comes from what they learned through experience. Look, just because you mastered Word 97 way back when and figured out that double-clicking an icon opens something does not make you Microsoft certified.

Who's really to blame? The dummies dating back to 10 years ago that tried to open Kournikova photos or ILOVEYOU or whatever the worm flavor of the month was, proving to companies that common users on their networks are not smart enough to be trusted with their information assets. There would be less need for Norton or Symantec if people paid attention to what they opened, downloaded, browsed to, etc.
5 replies · active 722 weeks ago
That's part of what was bugging my mom so much. Her username is an automatically generated number. Weird.
Then she could just make her password her name, and it would even out, right?
Active Directory doesn't usually let you have any part of the username as the password. Depends on how their administrator set stuff up, I guess.
I meant her real name, not her username. But I can see how my original comment was ambiguous.
Yes, that would work.
You know, if we just went all Battlestar Galactica and didn't network anything ever, this wouldn't be as much of an issue.

(Is it uncool to reference Battlestar Galactica? I have to ask because I have no idea how to be cool.)
1 reply · active less than 1 minute ago
Can't help you there. I know very little about them, but the shows Battlestar Galactica and Firefly merge together in my mind as one show since I've seen about 2 random episodes of each.

As for being cool, check with Joe and/or Sharideth.
"I forgot the monitor can see me." YYYYYEEEESSSS!!!

IT guys are correct.
If you can't even remember a slightly complex password then the robots won't have any use for you when they take over, then what?
You're dead, that's then what.
1 reply · active 722 weeks ago
I have nothing to add. You are simply correct as always, Sir.
If you have not already discovered it, you need to go watch "The IT Crowd" on Netflix instant view. It's a British comedy with only six 25 minute shows per season. I haven't ever laughed so hard at a sitcom. And I don't work in IT.
1 reply · active less than 1 minute ago
Hi Bekah! Thanks for stopping by. My wife and I love The IT Crowd. Moss is our favorite.
