Wednesday, September 08, 2010


THE PERSISTENT URBAN [AND CORPORATE] LEGEND ABOUT - PASSWORDS
-
Much like the babysitter who receives disturbing phone calls from an upstairs extension, or the girls who find the body of their boyfriend hanging above their car in the woods, there is a persistent "Urban Legend" about how frequently you should change passwords on a computer that has yet to fade away.
-
At one place of business, not only the length of the password but also the frequency at which it was forced to be changed became the misery of many an end-user, when in fact experts are reversing their opinion on this practice from the "DARK AGES". I recall many times seeing a person's list of passwords for everything from network login to eBay and PayPal written on a piece of paper conveniently scotch-taped to the monitor or, often, under the keyboard, when in fact there were far worse things to worry about when it came to their personal and business security.
-
If an end-user requires 4 different passwords to access the network and do their job, and is forced to change them every four or six weeks, memory overload (and we're not talking about PC memory here) becomes an issue, and passwords get written down and stored in places where the user won't forget them. At one company I worked for, at least a third of the users used 123456 for a password, until the password rules were extended to eight digits. Suddenly 123456 became 12345678. Other examples abound, such as adding a number or alpha character to the end of the current password: if your password was geopet, then when the next change came, "geopet" became geopet1, followed by 2, 3, 4, 5, etc. [ed. - either you get the idea by now...or you're already password Zombies].
-
Knowing what I knew, after many years of end-user/server support, I could see that as hard as a network security policy could be, end-users could find an easy way to comply, yet not compromise any further grey matter which could be used for better things. Over the past 18 months I've read numerous articles on this same subject, the consensus being that frequent password changes do little to secure your computer, data, or network. Just today I ran across yet another article, which prompted me to finally write what I wanted to write some time ago but forgot to write because I have too many passwords stored in my head.
-