20 October 2009

Security and Me

So, I try to be good with passwords. I don't make them particularly easy to guess, and even try to use special characters (#$&%^ and the like) when I can. While I'm not the best when it comes to computer security, I want to make it difficult enough for hackers to force-hack my stuff.

You might expect that your employer, who has a vested interest in strong passwords, would ensure that such nontraditional passwords were supported. You'd be half right.

I changed a password recently, one that links to other functions on my employer's intranet site. Let's say for fun that that password is "doug'spassword". That apostrophe is a special character, and the computer accepted that password. My intranet password then became "doug'spassword."

The only problem with that is that there was an application that wasn't updated with the latest and greatest security options, and when I tried to type in "username" and "doug'spassword" I was informed that the ' was an invalid character.

Calling our help desk, I explained the situation, which was met with some mirth. "Yeah, we've seen that problem a couple times. You have to go and change your intranet password in order to get to that application. Sorry, but we haven't updated all our systems yet."

I made sure that he understood my joy at creating a password too complicated for our multi-million dollar security system to handle, and then went and changed my password to something simpler.

Hey, at least I tried to take security seriously.

No comments: