Monday, January 19, 2015

The Password Is.....

As someone who literally built his first computer from a kit (Heathkit-Zenith 8088), but who also still has a flip-phone that pretty much just makes phone calls, I'm conflicted about technology. I like what it can do, I just don't like doing it. That said, my entire work life is run by machines. And like every good machine, each has to have its own password.

First, I have to log into Windows to get onto my in-car computer. Once in Windows, I have to log into the program that runs my in-car camera. This one is easy - it's the same as my Windows password. But my Windows password changes every few months, and my camera password doesn't, so they get more and more out of synch as time goes on. So far, I've been able to remember which is which.

Then I have to log into the program in which I do accident reports and traffic tickets. This is a different password altogether, but it's one that never changes, so not so bad. Then I have to log into the program the I use for the bulk of my work - dispatch info on the run I'm on, reports, people checks, vehicle checks, etc. This is yet another password, but also one that never changes. Next, I have to log into the program in which I log evidence. This is the same password as my reports/runs/people/vehicles password. So far, so good.

But then I also have to log into programs that allow me to access state driver, vehicle, and criminal history records. You would think that I was logging into the launch codes for ICBMs aimed at China. I have to change my password about every three months. And each time, I have to meet a mind-boggling set of criteria. It goes something like this:

Please reset your password. Remember, your password must adhere to all of the following guidelines:

1. Your password must be between 16 and 42 characters in length.
2. Your password must contain at least 1 upper case letter, 2 lower case letters, 5 numerals, 7 punctuation marks, a diacritical mark, a polynomial equation, and a smiley face.
3. Your password cannot be similar in any way, or even look or sound like, any other password ever used by anyone.
4. Your password cannot contain any part of your name or the name of anyone else in the galaxy.
5. Your password must use the Runic alphabet.

So, I wind up stringing together my dogs' names in order of age (highest to lowest), my wife's bra size, Grover Cleveland's real first name, the formula for the gravitational force on Saturn, the diameter of FDR's wheelchair wheels, and an antonym for ablutomania. I write it down on a slip of paper, which immediately falls down into the space between the driver's seat and the radio/lights/siren/computer console of my squad car.

I haven't accessed a driver, vehicle, or criminal history in at least 12 years.


John said...

Yes, and you may have understated the password requirements just a bit.

Small ray of sunshine is that the Department of Defense pay system, Mypay went to a way overcomplicated password and then reversed themselves and went to a simplified password. No doubt the individual responsible for the overly complicated password will be rewarded and the the person responsible for the vastly improved new simplified password will be punished.

We can hope the sensible password requirement movement catches on, but it won't.

John in Philly

Don said...

My suggestion to people is to use passwords based on phrases.

1Up0nAt,Ialffa is a very good random password, looks kind of long, but translates to Once Upon a time, In a land far far away

Phrases from stories, lines from songs all make great passwords.

It is silly that a police officer needs that many different passwords. The application vendors would be better off tying their authentication mechanisms into the Windows authentication scheme. Then one password would get you into everything.

OldSquid said...

Sounds like working in healthcare. One to log into windows, one for inpatient EMR, one for outpatient EMR, one for CMS, one for BCBS, one for radiology, one for pharmacy, one for payroll, one for core measures, one for OPPE, etc...

JamieC0403 said...

I think I've got about 8 passwords for work, but only really need three of them on a daily basis. The rest I keep in a password locker app on my smartphone, which i also have to use because the newest layer of security on one of the systems is that you have to input a number generated on an app on your phone into your work computer. The system hasn't been around long enough for me to find out how I'm supposed to do my job if my phone gets lost or broken.

Justin said...

But does it leave you loggeb in? In the hospital programs I use if you do not touch your computer for something like 15 minutes because you are at a code or whatever it just logs you out. You lose anything that was not saved and have to log back into about 4 programs.