Tuesday, July 1, 2008
Are company policies of having passwords just an attempt by IT to deflect blame?
By Brendan Lewis
Passwords piss me off greatly. I truly believe that password policies are mostly about IT people moving the risk of failure to you, rather than getting their act together.
Anyway, rather than continue that rant, I thought I’d share what I do.
Basically, I assess every situation where I need a password and decide what the impact would be to me if someone found out my password.
If I don’t overly care, as per most websites, I use one of my standard couple of passwords. Therefore I don’t have to think about storing the password somewhere securely.
Really I don’t give a bugger if you find out my login for one of the slightly rare tech support sites. Even though knowing that password probably means you can break into another 50 websites that I also don’t care about.
However, for sites that I do care about (banking!) I have a completely different set of standard passwords. Each of these suits a different policy arrangement (for example, numbers only, six letters only, etc.), and I use it as a base that I vary slightly. I keep the results in a password safe (that’s software, not metal) that I picked up for free.
Why do I do it like this?
Because I realised that 95% of the time I don’t really care if my password is compromised and I simply can’t cope with having hundreds of unique passwords. Bring on OpenID.
Brendan Lewis is a serial technology entrepreneur having founded : Ideas Lighting, Carradale Media, Edion, Verve IT, The Churchill Club, Flinders Pacific and L2i Technology Advisory. He has set up businesses for others in Romania, Indonesia and Vietnam. Qualified in IT and Accounting, he has also spent time running an Advertising agency and as a Cavalry Officer with the Australian Army Reserve.
Simon van Wyk writes: I agree. Once upon a time I was in a professional services company. We had a client that wanted a complex passwords program. They wanted the passwords to expire every month and because someone can guess your mother’s maiden name they had weird questions like “favourite band”. We fought the idea for ages and eventually I made the client a bet that the first change they would request would be to unravel the mess. At the end of the first month the call centre was swamped. People had been locked out as they had a new “favourite” band. I was right.
Anthony writes: When I used to work for others, I found passwords annoying too. Specifically, when they would ask you to change them every 90 days (or less). I agree with the author; bring on openID, a universal, single password that does everything.
Walter Adamson writes: PassPack is also a useful, secure, password manager.