disconnectedzeitgeist : In Security

In Security

We had the auditors in at work.

Well, not us precisely. Our marketing team. Or, as we've started calling them, "document management". It was decided that our document store wasn't secure enough. So this week we had the password routines upgraded.

This is a system that stores technical documents and my sarcastic comments on them. It has no personal client data. No financial information.

Now we've got to change our passwords regularly. I use the system roughly every couple of weeks, so now I have to change my password every second time I use it.

The password has to contain letters and numbers, a mixture of upper and lower case, and a punctuation mark. That's good password practice anyway, but they're a swine to remember. Really, they should be saved for important things.

This is a system that stores technical documents and my sarcastic comments on them. It has no personal client data. No financial information.

Eight of us in the office have logins for this system. All of us now have our new passwords written on post-its on our desks.

Yes, we got our security upgraded really well.

2 Comments

Comment #1
Posted by Alan
December 18, 2007 7:40 AM

No idea what the thing about decorative vegetables is!

The danger isn't from people stealing data so much as from malicious hackers just erasing or changing it. The Internet puts you in reach of every bottle-smashing, graffiti-writing yahoo who has a computer.

That's my definition of a password: the funny text on a sticky note near a computer. The worst case is when the system generates a password that you have to use. Those really need to be written down. But you can keep your password in a notebook or in a card in your wallet or in your desk under a pile of stationery.

However, it's fairly easy to follow the password rules and get a word that you can remember. Associate a word with a date, for example, or use your ex-girlfriend's ex-boyfriend's former registration number.

For example, if you're a history buff, use an event and date. Add a random uppercase letter and punctuation. For example, take the Norman Conquest: 1066basTard! Or a sports figure and his jersey number, record, or whatever. Or the latitude of the Firth of Forth. Or a city, band, and radio frequency. Apollo11? dare2Dream! gunz?4Kidz!

All of those will qualify as strong passwords. If I log in every day, I'm less likely to forget it.

about

oddverse.com is the personal web site of Alan Taylor, and the views expressed here do not necessarily reflect those of other people with an oddverse.com e-mail address.

This blog is licensed under a Creative Commons License.