We at WhyDontYou would never consider suggesting people had insecure computers when it comes to dealing with their work, or personal data, but there comes a point at which madness takes over.
For example, today I was give access to an IT system by my employer. Being very zealous at the thought of evil people from the internet getting access, they have instituted quite strong policies when it comes to people being able to access data. Amazingly, some IT guru has convinced them of the need for all users to have very strong passwords. This has translated into a policy which requires all passwords to be 14 characters long, have a mix of upper/lower case letters and numbers, not include your user name or common words (whatever that means) and not be the same (or a variation of) any of the last 36 passwords. Passwords must also be changed every 30 days.
Blimey.
At first I thought it was just me, but upon asking around my workplace there is no one who claims to be able to remember their random string of gibberish password. Almost every one eventually admits to writing the password down and either carrying it with them or leaving it by the terminal.
Now, it strikes me that this pretty much undermines the point of having the password in the first place… In the quest for Fort Knox style security, my employer (or at least the BOFH IT team) have largely undermined everything. Isn’t technology great?
[tags]Computers, Technology, Security, IT, Hacking, Corporate Culture, Culture, Logic[/tags]
I totally agree. Every time I have to change my password i have to write it down. I have locked myself out and had to get it reset a few times before i took to writing it down.
How much easier is it for an intruder to read it off the paper than to try and crack a password? Stupidity.