08.07.06


Tough Passwords

By A.P. Lawrence

We've had this talk before. Unfortunately we are sure to have it again. And again.

The first email that greeted me this morning started out with "what the hell is that password?!?". The word in question was a remote access password that had recently been changed because of the unexpected departure of a high level employee. It wasn't that the person asking the question hadn't been told what the new password was; he had. I could be wrong, but I had the strong impression that he just didn't like the complexity of it.

It was their new IT person who had reset this, and he had done it right: 10 characters, mixed punctuation, numbers and upper and lower case letters. It was a great password.

Too bad it didn't work.

I figured out why pretty quickly: somehow the email that gave the new password had "P:" ahead of it. Let's pretend the password was 23$Ca%Pk98. The email said:

remote access P: 23$Ca%Pk98

Because of proportional fonts in HTML mail, that ended up looking like

remote access P:23$Ca%Pk98

Blame Microsoft for that: before they stuck their grubby fingers in email, that couldn't have happened. But I digress.

I can understand the frustration of the user. He also said "please write what the actual password is more clearly". That's something I almost always do. For example, I'd usually say:

remote access 23$Ca%Pk98
numeral-two numeral-three dollar-sign upper-see lower-ay percent-sign upper-pee lower-kay numeral-nine numeral-eight


But that's just me, and I'm more apt to do that when writing with a pencil than with a keyboard. It wouldn't have helped here, because I had the wrong password too.

Anyway: I'm not certain this guy was complaining about the password. As it didn't work (at least as presented), he may have just been frustrated by that. After all, you leave work Friday night knowing you have some important stuff to do over the weekend and then you can't get in. Frustrating. Maybe that's all it was.

But at other times, in other places, I've had non-techy types complain about "hard passwords". They don't like hard-to-remember passwords, especially dislike hard-to-type passwords, and they whine and complain, and all too often I eventually get a polite email from top management asking me to make it "easier".

Sure. At lots of places, "abc123" is a favorite. The word "password" doesn't lag far behind. Those are wonderful passwords, very suitable for protecting systems. Oh wait, here's another great idea: take the company name and make that the password! No one would ever think to try "AcmeBrake", right? Ri-i-i-ght.

With some customers, I can't win: AcmeBrake it is, and that's that. Others reluctantly accept what I suggest or at least do something part way: "Acme2006Brake". That's a little better, I guess.

A little better.
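
Why "Acme2006Brake" is only a little better than "AcmeBrake", as an added example that is not part of the original article: a checker that strips digits and punctuation before comparing against the company name, so an inserted year does not hide it. The deny list, substitution table, four-letter threshold and the name `check_password` are assumptions; the 10-character minimum is taken from the article's example.

```python
import re

# Constructed sample deny list; a real deployment would load a far larger one.
COMMON_PASSWORDS = {"abc123", "password"}

# Common character substitutions to undo before comparing (assumed set).
DELEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})


def letters_only(text):
    """Lowercase the text and drop everything that is not a letter."""
    return re.sub(r"[^a-z]", "", text.lower())


def skeletons(password):
    """Letter-only forms of the password, raw and with substitutions undone."""
    return {letters_only(password), letters_only(password.translate(DELEET))}


def check_password(password, context_words, min_length=10):
    """Return the reasons a password is weak; an empty list means none found."""
    reasons = []
    forms = skeletons(password)
    if len(password) < min_length:
        reasons.append("too short")
    if password.lower() in COMMON_PASSWORDS or forms & COMMON_PASSWORDS:
        reasons.append("common password")
    # Short tokens are skipped to avoid flagging accidental matches.
    for word in sorted({letters_only(w) for w in context_words}):
        if len(word) >= 4 and any(word in form for form in forms):
            reasons.append(f"contains context word '{word}'")
    return reasons


if __name__ == "__main__":
    company = ["Acme", "Brake"]  # hypothetical organisation name, split into words
    for candidate in ["abc123", "password", "AcmeBrake", "Acme2006Brake", "23$Ca%Pk98"]:
        print(candidate, "->", check_password(candidate, company) or "no findings")
```
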

*Originally published at APLawrence.com

About the Author:
A.P. Lawrence provides SCO Unix and Linux consulting services http://www.pcunix.com

