Sunday, April 17, 2011
AND THE PASSWORD IS....
When I was working for a major Wall Street firm I must have used at least 15 applications which required a password for access. I would have liked to have used only one password, but that was not possible. You would think that a company would establish one set of rules for choosing a password. You would think wrong.
One application required a 3-5 alpha character password; one required a 7-10 alpha character password. Some applications required at least one uppercase character, and some required at least one numeric. Most applications required the password be changed every month.
I used at least seven different passwords. For those applications which were not used every day, violating the password was a given. Unless I guessed correctly it would be three tries and you are out. I wonder how many hours of productivity per day are wasted by employees trying to have their passwords reset.
We were always warned that choosing a password was important. Do not pick something obvious like your birthday. Don’t use your initials. Don’t use the names of your wife or kids or pet or your parents or your grandparents. Do not use any name or number that anyone could tie to you as that would be too easy for a scammer to figure out and get unauthorized access to an application. Essentially the rule was to never choose a password that you might actually remember.
Since I could not remember the seven to ten different passwords I was required to use, all of which I was required to change monthly, the obvious solution was to record all my passwords and the associated applications on a piece of paper and leave it under my keyboard. This also was frowned upon.
“Do not leave your list of passwords where they may be easily found!”
OK, I cannot use passwords which I can easily remember, and when I write them down so I can remember them, I need to put the cheat-sheet in a not obvious place. In effect, hide the list of passwords which you cannot remember in a place that you will also not remember.
I developed a secret code based on numbers and the alphabet. Using this code, I recorded the hiding place that I could not remember which held the passwords for all the applications which I could not remember and placed it under the keyboard. I recorded the key to the code which told me where I hid the passwords that I could not remember and hid it somewhere no one would ever suspect. I recorded this location on a piece of paper and taped it blank side up to my keyboard. On the blank side I wrote K2PWLcLiUtP (Key to password location code location is under this paper.)
Weeks later I was fired! At night, my computer was broken into and an application accessed which enabled the hacker to steal sensitive information which cost the firm several million dollars. I was fired for breaking the rules of password security. I forgot that the password for this sensitive application was K2PWLcLiUtP.