Feeds

Passwords are for AES-holes

Security is an illusion

SANS - Survey on application security programs

Something for the Weekend, Sir? When did you reach burnout? For me, it was spring 2009. Looking back, I did well to last as long as I did but the constant pressure of coming up with something new, again and again, became too much.

I'm not confessing to an emotional crisis, by the way. I'm talking about my ability to create new system logins that I can remember for longer than an afternoon. Today, about a third of my incoming emails have 'password reset' in the subject line.

Reginald Perrin. Source: BBC/2 Entertain

'Oh god, not another bloody password to remember. One more and I'll fake my own death just to avoid the buggers'
Source: BBC/2 Entertain

My password fatigue came to a crunch while I was freelancing at a company that bullied its users into entering a unique login every time you wanted to do anything whatsoever on one of their computers. First up was a straightforward Active Directory login, which is fair enough, but this barely carried you beyond the company's intranet page.

Want to visit an external website? Another login. Check email? Another login - yes, even with AD. Run the core apps? Another login. Open the image library? Another login. Access the database? Another login. Browse the archive? Another login. Launch the production tool? By now, you know the answer.

If I was working remotely, I had to use yet another login to seek permission to enter any of the above logins, and it was particularly irritating because it insisted on asking me to enter this one twice. Those of you who know me: it's not the company you think it is, so keep guessing.

Reginald Perrin. Source: BBC/2 Entertain

'I didn't get where I am today by not forcing my staff to log in 13 times to to start work'
Source: BBC/2 Entertain

Most of the company employees got around the problem by creating identical ID names and passwords for everything. The IT department responded to this challenge by forcing users to change their passwords every month. The ever-resourceful users quickly discovered that the automatic prompt was fixed to a 12-month cycle, so all they had to do when prompted to change their passwords was to spend a minute changing it 12 times and then choose their original password again.

Now I understand why computer security is important. I also understand why I should not use the same ID and password for all my bank accounts and credit cards. What I don't understand is why I would need 13 different logins at the same company simply to identify who I am.

SANS - Survey on application security programs

More from The Register

next story
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Leaked pics show EMBIGGENED iPhone 6 screen
Fat-fingered fanbois rejoice over Chinternet snaps
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Rounded corners? Pah! Amazon's '3D phone has eye-tracking tech'
Now THAT'S what we call a proper new feature
Feast your PUNY eyes on highest resolution phone display EVER
Too much pixel dust for your strained eyeballs to handle
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
US mobile firms cave on kill switch, agree to install anti-theft code
Slow and kludgy rollout will protect corporate profits
Sony battery recall as VAIO goes out with a bang, not a whimper
The perils of having Panasonic as a partner
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.