Wednesday, October 14, 2009

Death by password

posted Wed, 06 Oct 2004

I am being pestered to change my password. Again. Every few months, I have to change my password for getting onto my computer at work. And it’s not enough that I have to change the password (at least one numeral and one capital letter and no repeating anything from the previous five passwords, please), but they start bugging me about it 20 days before the change date. Maybe I’d just like to change it now and get it over with, they suggest. Every morning. No! I don’t want to change it now, because that just means I have to change it again even sooner.

Then I have to key in the same password to get into the company intranet. Right. So if someone actually did get past the first point, he wouldn’t figure out to use the same password again.

You’d think I worked at Fort Knox.

And so what if someone gets into our systems? It’s not as if we have the secret to making money. I work for an old, heavy manufacturing company. The market sets our prices. All we can do to make more money is reduce costs. It’s not like we have the secret formula to Coke.

But my company doesn’t even want its own employees to have information. A few years ago, I worked on a data warehouse project to consolidate the sales data from 50 factories into one system. The people in corporate did not want the people at the plants to have access to the data warehouse! “They might take it to the competition,” they muttered darkly.

First, the people in the factories are on OUR TEAM! Second, so what if the competition saw our sales volume, prices and profits? What – like they don’t know Procter & Gamble exists as a customer? And even if our competition did know our profits (low), so what? If they knew our prices, so what? We hired a guy from the competition. He brought the complete customer list, along with all prices. Guess what? We did not get all those customers. What a surprise.

My company’s security requirements are nuts. The front cover of the spiral-bound notebook I take to meetings is covered with passwords and password changes. For work-related things alone I have eight separate user IDs and passwords. There may be more. These are all I can think of right now. Throw in another dozen for other applications. No wonder my brain hurts all the time.

No comments:

Post a Comment