The Password Wars

My mom is very upset.

Her network administrator at work is starting to enforce standardized usernames and complex passwords. This is a new frontier for Mom. The rest of us have been dealing with this for the last 10 years, but Mom works for a school and is therefore a bit behind.

"I can't remember my new username, so I have it written on a card that sits on my computer in the classroom."

I cringe more than a little when I hear this.

"And what's worse is the IT department says in the fall, I must change my password to something that includes lower and capital letters as well as numbers and symbols. I won't be able to remember that either, so it will join my username on the card."

I bite my tongue.

"How is this more secure?!?"

"It's not, Mom. You should try to make it something you can remember, then add numbers at the end or something."

I offer a few suggestions, all of which she declines.

I'm not sure what you'd do if your users kept their login information on a note on their keyboards, but I can tell you what I did.

I had a user who refused to learn her username and password. She kept it on a sticky note on her keyboard, just like Mom. I often spoke with her about not leaving it out in the open, but every morning, there it would be. I finally decided to have some fun...

I would change her password. Not in the system, but on the sticky note. L's would become 1's, O's became 0's, etc. She would then try the modified password until her account would automatically lock itself. Then she'd call me.

User: My account is locked again!
Me: Did you write down your password?
User: Of course. I can't remember that silly thing!
Me: But when you write your password down, the system locks your account, remember?
User: What? Oh, yeah! I forgot the monitor can see me...

Mom thinks this type of behavior is all my fault. She asked me to have a talk with all the other network administrators. She says we're being unnecessarily difficult, and is putting us in timeout.

"You all sit in the corner, and think about what you've done!"


Who's right? The IT folks or the users?

.