kitchen table math, the sequel: Foiled again

Friday, February 15, 2013

Foiled again

re: stop making sense, chemprof writes:
Yeah, and this is also why people wind up using the same two or three passwords for everything. When I worked in the national lab, they assigned us passwords -- awful, un-memorizable things that met IT's standards. So of course everyone kept theirs on a post-it someplace or locked in a drawer.

Forget that, chemprof!

The times they are a-changin'.

Back story:

The tech system at my college automatically changes both your passwords every 90 days unless you change them first.

Needless to say, I've never changed either password first, mostly because I have never, not once, seen the email alert re: Impending Password Change that's supposed to come out on Day 85.

Not getting the memo may be my fault, of course.

My college has two separate IT systems with two separate email addresses and two separate passwords, and you have to find this out yourself, usually over the course of multiple conversations with Help Desk. Nobody tells you, going in, "Welcome to yourcollege! We have two IT systems."

The user interfaces are inscrutable, with tiny-fonted "ADMIN SIGN INs" here and orange "ROOM BOOKING" tabs there (you have to click on a "Room Booking" tab to find out who you're tutoring) and two "Change Password" tabs that don't change your password but do lock you out of the system, and nothing you do takes less than 8 steps. I have a list of 18 steps to deal with the Online Appointment Calendar. The whole thing is stupefying.

The system was so impossible to navigate that eventually I settled into a routine of using my Verizon account 95%-99% of the time, and checking my two work emails only when my fear that I was missing essential communications grew stronger than my dread of dealing with the system.

So I may have missed the Password Change alerts. Assuming the alerts were a) sent and b) actually delivered to one of my 2 work addresses, that is. Which I do not assume.

Back to my story: for a while there things were working OK, I thought. Every so often I would discover that my password(s) no longer worked, and I would deal with it when I absolutely needed to by calling Help Desk and having them figure things out. But this most recent lockout has taken almost 3 weeks to resolve, with 4 different employees working on my case at various times, and multiple phone calls and emails. I don't want to do this again come April.

So I had a long conversation with Help Desk about the EXACT steps involved in changing my password(s) myself. Then I had Help Desk stay on the line while I looked up passwords, changed passwords, and reconciled passwords.

Which brings me back to chemprof.

Naturally, I want only one password for everything, so I asked Help Desk whether I could change back to my regular password now that a few 3-month cycles have gone by.

Help Desk said he'd see, and he checked the documentation which, he was surprised to learn, made no mention of the number of old passwords the system remembers. (No documentation? That is surprising.)

The usual number of old passwords a system remembers, he said, is three. If you use your usual password, you should be able to cycle back to it after 3 changes.

But that's going to change, he said. The new Windows system is going to remember twenty-four old passwords. If your system makes you change passwords 4x a year, it'll be 6 years before you can use your regular password again.

I wonder if, when that happens, the Bureau of Labor Statistics will be able to pick up a measurable drop in productivity.


GoogleMaster said...

Ancient IT trick: use the same password every time, but add a single-digit suffix (or two digits, if they actually go to remembering 24 old pws!).

e.g. your password cycle could be Surfer.Is.My.Dog1, Surfer.Is.My.Dog2, Surfer.Is.My.Dog3, etc. until you can start over again with Surfer.Is.My.Dog1.

Anonymous said...

One of the e-mail passwords I use is the same one I've been using since 1985.

Catherine Johnson said...

Google Master - THANK YOU SO MUCH!

It was going to take me years to think of that.

Anonymous - me, too!

NYU makes Ed change his password every year (4x a year for me! Crazy!)

He has two passwords he swaps back and forth.

Catherine Johnson said...

btw, does it make intuitive sense to anyone out there that in order to access your tutoring appointments you would need to click on "Room Bookings"?

Anonymous said...

It changes seasonally, right? If you don't think security on this matters much at all (and no, not every system has to be equally secure!) then you get Spring2013, Summer2013 and so on.

Allan Folz said...

Haha. GoogleMaster beat me to it. I was just about to write, "You did NOT hear this from me, but..." :-)

I will suggest putting the number in the front or even better in the middle. Most people put it on the end. So password crackers are all written to cycle through numbers on the end. It's like the old joke, you don't have to be faster than the bear, you only have to be faster than the guy standing next to you.