The World According to Nick
My take on Software, Technology, Politics, and anything else I feel like talking about.
Tuesday, October 19, 2004

Insecure Security 

I've now been at my current client site for about a month. Today I received email notification that my password will expire in 5 days. I've been here a month! This place has the most insane password policy of any company I've ever worked at. First of all, your password must be at least 8 characters. It must include both numbers and mixed case. Not only that, but no complete word can appear anywhere in the password. Now then, all these things do make a password more secure, but then you have to change it every 30 days? That's what I have a problem with.

I would be willing to bet that if I were to go to every cube on this floor, that within 2 minutes of being in that cube, I would find that person's password written down somewhere at least 1/2 the time. When you make passwords that hard to remember, and then make people change them that often, you're asking for people to take measures to remember them. Of course this company realizes this problem, and so they have a password reset utility. You simply log into a terminal with a known dummy account, go to this website, answer some predefined questions about you, and they'll reset your password. How secure is that? Now anyone with a somewhat detailed portfolio on me can access my account. I hate the "secure" password questions. Anyone can pretty easily find my mother's maiden name, or what grade school I went to. I always fill in those fields with junk information because I never use them, and I don't want others to either.

If you want to make sure my password is uber secure, that is fine with me. I get that. But then don't force me to change it constantly so that I can't remember it. We don't work at the NSA.

About Me



Name: Nick
Home: Wauwatosa, WI, United States

I'm a Software Consultant in the Milwaukee area. Among various geeky pursuits, I'm also an amateur triathlete, and enjoy rock climbing. I also like to think I'm a political pundit.

