Wednesday, March 3, 2010

Computer Security Madness

I was just notified by our IT department that my computer password is about to expire. That means it's time to come up with another inscrutable yet easy to remember password so I can log into my hospital's email system. The rules are pretty onerous.

1. The password must be at least 8 characters long.
2. The password must contain at least one capital letter.
3. The password must contain at least one number.
4. The password must have at least one symbol ie/#&$.

The password also cannot contain any part of your name and it has to be different from your previous five passwords. Got that? Actually it's not that bad. Only three of the four criteria need to be met, not all four. Ha ha. These rules are so difficult to follow that I actually had to call our IT guy to help me come up with a password that would pass muster. He was very friendly and obviously had helped lots of people with this problem. After about three attempts I finally came up with one that the security system would accept. Hopefully I'll still remember it by the end of the day. After all, you're not supposed to write it down anywhere lest somebody find it and hack into your account. Some computer browsers helpfully remember passwords for you and automatically log you in. But that kind of defeats the purpose of these security measures, doesn't it?

The New York Times recently had an article about the kinds of computer passwords that are commonly used. Believe it or not, the top three passwords people use are 123456, 12345, and 123456789. Obviously none of these, or even the top 32 on their list, would pass the scrutiny of our computer security. There must be a way for the IT guys to come up with a security system that doesn't drive its users to madness, or make them feel like they are having early Alzheimer's. Perhaps some sort of biomechanical security measure like fingerprint identification or retinal imaging? But of course that is a little sci-fi for our hospital. Our network still runs Windows XP! (IT promises that we are upgrading to Windows 7 by the end of the year.) So in the meantime I better start working on my next password since this new one will expire in only six months.

1 comment:

  1. We have a similar requirement at work...8+ characters, at least one number, one capital letter, and no re-using the last 8 passwords. We also have two other databases we use, each with their own similar password requirements and cycle.

    I end up using the same password over and over, with a number somewhere in the middle indicating which version of that system's password it is (i.e., I start with the number 1, and then at the next reset go to 2, then 3...).

    Of course, they're not on the same reset cycle (one is 30 days, one 60, one 120).

    My laptop has a fingerprint scanner, which makes it a little easier. But it's still maddening.