Pointy Haired Bosses Concerned About Security, Using Own Name As Password
from the do-as-I-say,-not-as-I-do dept
Top executives at many companies say that improving computer security is an absolute priority. So, why is it that they’re still using their own first names as passwords and opening attachments from strangers? This does seem typical though. As much as folks hear about the importance of security, there’s often a disconnect between understanding why security is important – and understanding how to be secure. In many cases, it’s the old “convenience factor” that comes into effect. It’s much easier to use your own name as your password and you’re less likely to forget it. Besides, most people think that the chances of someone breaking into their machine are slim – and that, even if it happened, they wouldn’t find much valuable info. Neither of these things are true. Just about anyone can be a target, and it’s not hard to find valuable information on most machines. Getting that messages across, however, is not easy.
Comments on “Pointy Haired Bosses Concerned About Security, Using Own Name As Password”
not just PHB
I just had a new employee last week demand to know why she couldn’t use her username as her password because it’s “easy to remember.” I pointed out that “easy to remember” also means “easy to figure out” to someone cracking a system. She used to be a government muckity-muck out here and forgets that she’s on the contractor side of the house now. She went to my boss’s boss and complained and then my boss gave me the “be accomodating” speech so I told him as long as he wanted to be the one to explain our violating DoD computer security standards to “be accomodating” I had no problem with it. After he explained it to her she started in with the “when I started out here…” speech. When she started out here the only computer on the arsenal filled a building the size of an aircraft hangar and was one of about only ten supercomputers in the country and her “experience” with it was as a keypunch operator.
Net Administrators are to blame ...
It happens ( people using obvious passwords ) because pointed headed net administrators fail to remember that we as users are FORCED to remember umpteem bazillion passwords for everything. On top of that we are forced to changed them far too many times in a year. Here is just an example: I need DIFFERENT pass codes to enter my home, my office, my workstation at the office, 3 different applications I use daily, my bank’s debit PIN, my banks website access, my credit cards website, my credit card PINS, my voice mail on my cellular phone … these are just the ones I can think of off the top of my head. Net Administrators end up thwarting security simply because people get tired of repeatedly changing these codes every month, not being able to use a previous code for at least 12 uses, forcing us to use a combination of symbols, capital letters, small letters & numbers. As a result, people look for the least painful method of complying. Much of the time the Net Administrators do not realize that the level of security they are requesting is not needed in all instances.
I’ve come up with a solution that works for me. I pick 4 letters, 4 numbers & 4 symbols and ONLY use a combination of these. As a result, yes, occasionally I lock myself out of one of the items, but generally since I know it will only be a choice of 4 I can usually figure it out.
As to the bigwigs, they don’t give a hoot because there will always be a pointy headed tech nerd in training to reset the pass code for them.
Re: Net Administrators are to blame ...
Pointy head administrators force you to use difficult passwords because most users will pick something so incredibly stupid for a password, like their kid’s name or favorite sports team, that a little social engineering makes their system vulnerable. You may not think the level of security is necessary but you’re not the one trying to keep your company’s machines from being broken into or hijacked. My users bitch all day about all the patches we have to install for Windows and Internet Explorer but it’s nothing compared to the bitching they’ll be doing if their system crashes because of a security flaw that wasn’t patched.
So you have to remember a difficult password. Big deal. Your network admin is doing his job so you can do yours.
Re: Re: Net Administrators are to blame ...
You missed my point: Its the frequency of change & excessive complication that net admins make us change these passwords that cause people to become lazy and use the least painful method of complying. I throughly agree with you about the security for things that must be secure, but not everything needs to be as secure as you seem to think. As a result the net admins end up pissing off the employees to the degree where they just slap a post it on the monitor with the password, making social engineering a mute point. One walk around my office and I can sign into @ least 5 workstations WITHOUT even having to try and guess passwords because of disgusted employees who use post its.. Besides, since the password we are forced to chose are so obscure and unrelated to ANYTHING in our lives, we tend to forget them. If security is that important to you as a net admin, choose biometrics because my thumbprint isn’t going to change and I don’t have to try to remember 3r5^Gj((lLm to sign on.
Re: Re: Re: Net Administrators are to blame ...
No I didn’t miss your point. Have you ever seen some of the hacking tools available to crack passwords? The key is to make it as difficult as possible to crack passwords. Unfortunately it comes down to that “some people can’t obey the rules so we have to punish everybody” routine. We had a network audit here a few months back and the auditors were astounded at the number of Win2K systems with blank admin passwords. This is an open invitation to get hacked and often happens.
As to the post-it passwords, yeah, that’s where the system breaks down. My former boss had a 5×7 index card with every username and password for every account he had on anything taped to his desk under his mousepad. This is why you have to force users to change passwords frequently and not recycle them because you never know who has copied those down in case they ever get fired.
Re: Re: Re:2 Net Administrators are to blame ...
Nice to have an intelligent debate 🙂
Re: Re: Re:3 Net Administrators are to blame ...
Well I must have an intelligent boss then as he uses his surname and not his firstname for his password 🙂