I love my new job. I thought that would be a good way to start this entry because today there’s something I didn’t like at work. I had to change my password.
For those who don’t work in a business environment, usernames and passwords are critical for accessing data and communicating with co-workers. My work computers won’t work without the proper username/password combo.
At this company your password must be changed every 90 days. Simple so far. It must contain upper and lower case letters plus a number or two. Punctuation marks are encouraged, but I haven’t crossed that line yet.
Once I changed my password it was necessary to update all the devices I use, like my cellphones and a handful of PCs.
Correct me if I’m wrong. The vast majority of us use one or two or a handful of passwords for the myriad sites that require one. I’m in the half dozen range.
That’s already tough enough to remember. Now I’ve got a password that’s specifically designed to be difficult to remember and which must be changed regularly!
I would buy into all this if password hacking was a big deal. It’s not. I’m not saying passwords aren’t hacked, but the majority of hacking is done in bulk fashion by breaking into company computers, not knocking off employees one-by-one¹.
When individual user passwords are revealed it’s usually because they’re given away in social engineering schemes, like phishing. This password changing won’t stop that.
Most of us aren’t worth enough for someone to spend the time and energy necessary to hack our accounts. I’m certainly not.
I change my password because my bosses have asked me. I’m a good employee. I’m just not sure how much we’re accomplishing.
¹ – “Hacking” of voicemail accounts by Rupert Murdoch’s News of the World is heavily in the news right now. I think, as the story comes into focus, we’ll see it’s not really hacking that’s been done, but bribing people with access to share that access.
14 thoughts on “I Hate Passwords… Especially Today”
The biggest problem with making employees change their passwords frequently is that it pretty much forces them to write it down. I’ve seen passwords on post-it notes tacked to monitors, and of course, lots get securely hidden under the keyboard! LOL Frequent password changes result in less security, not more.
Either that, Mike X M, or you store them in a file on your PC where you can keep track of them – until you can’t log in because it’s time to change- LOL
The ‘Hacking’ that the News of the World had originally performed involves the voice mail of famous people. They phoned up the house in question and got to voice-mail; as many people never change the passwords for their mail from the standard setting (it’s usually 0000 or 1234), they can access all the messages that people have left you.
Since this original scandal more bad practices have been brought to light including the bribing of police officials, and people with access to people in the public eye.
The big story in the UK this week is a press secretary to the Prime Minister who was a former editor of the News of the World, who may have used this position to get more stories. Even if he is cleared of that charge, he could be facing prosecution for lying under oath to a select committee of parliament, the police and the prime minister himself, as he swore that as an editor he didn’t know that any of this was happening under his watch.
I do however think it’s quite funny though at the moment that Murdoch for the first time in his life is realising what people actually think of him and none of it is good….
You beat me to it by a minute there Simon : )
Actually Geoff…. They DID sort of amateurishly hack the phones…. They relied on the user either not having or not resetting factory default password to the voicemail. 2 people call at the same time and 1 gets dumped into VM. That person now has access to all the saved messages on the phone. They can change the PW, delete VM, (Which was done to the poor murdered girl’s phone) making her parents and the cops think she was still alive. They can listen to everything saved in VM.
Wow, as an IT auditor I found this post very interesting. First, I don’t understand why you are changing the passwords on all your personal devices simply because you are required to change your work password. Second, it may not be you personally that is worth hacking, but the data to which you have access. Third, be glad it’s only every 90 days; many corporations require 30 day changes due to the nature of the data being protected. And the whole purpose is to limit the amount of time an intruder can use your ID/Password combo. And wait till you find out the password history setting, which may restrict you reusing a previous password for a certain amount of time! I do have some helpful hints for creating easy to remember passwords that are strong and may help you out. Let me know…..
His devices most likely access the corporate e-mail system which requires username & password. Hence, change the password, update each device you receive e-mail on.
Mike is right. We use an Exchange server and I access it from everything!
I agree with Gail – it’s not “you” and your data your company is protecting, it’s what you have access to, i.e. their network.
You probably know this but a trick I have used is to use a sentence that pertains to your life…”We live in a red house with 1 dog!”. Use the first letter of each word and the punctuation and you have a strong password = Wliarhw1d!
We change every 90 days too and I so hate it! I end up going back and forth between the same four passwords every three months. We are less secure rather than more secure.
A real pain in the boo-de-aye.
Had to do the same thing every 90 days at CBS Broadcasting.
Just when I’d begin to remember the silly thing … DOH !!!!
@ Gail, like Geoff, I change my password on everything because we have too many passwords to remember. That may reduce the level of security in an IT person’s eye such as yourself but it saves me from having to keep a list of passwords on my desk.
@ Mike X M, I guess I should remove the post it from my keyboard. Would putting it under the CPU be more secure?
I agree with Mike X as well. I have a few friends and/or associates that work for LARGE corporations which require password changes every hour. They provide them with a fancy little device that displays that new password for them as it changes (determined by the corporate Mother). Each of these people attach this device to their laptop bags……..Which makes it very convenient for someone who wants to steal the laptop……. But correct me if I am wrong, is the security more an issue of documents falling into the wrong hands and someone having access to privileged info???
As an IT person for my small Co., it makes me happy we have no info that really is worth a damn to anyone…… Our passwords are all the same and very simple !
When I was in college they made us change our passwords every 90 days as well. I made up two different passwords, and switched back and forth between the two. The system never remembered what my password was before, and as long as it was different than the one set it was happy. I only had to remember two passwords instead of constantly making up new ones.