How crappy is your IT?
Published on December 28, 2006 By greywar In Personal Computing

     For the folks who don't know: I have moved job sectors and am back in government services again. Specifically I am maintaining the TLA stacks for the Army's NIPR (just read that as internet) connected installations. As such I have many accounts (somewhere around 100) on many different computer systems. The Army has recently moved to a new password system that requires a 15 character password with 2 uppercase letters, 2 lower case letters, 2 numbers, and 2 special characters included. Furthermore, most of these accounts require the passwords to be auto-generated and do not allow the user to change or set their own passwords. End result? 100 15 character passwords that are written down in the top drawer of my (and every other employee here) desk.

     Many of my co-workers actually maintain digital copies of these passwords in Excel as well and even email this back to their non-work email accounts for occasional telecommutes via VPN tunnel. In short the Army has garnered far more security vulnerabilities with this policy than it closed. Previously most accounts followed an 8 character rule and allowed users to set their own passwords. This usually meant that most accounts for one user used the same or similar passwords. If you got that one password you could do a lot of damage but the likelihood of compromise was greatly decreased since most users can remember one 8 character password.

     Now every cleaning-lady we have in here after hours automatically has access to thousands of individual accounts on critical DOD hardware. Brilliant.


Comments (Page 2)
on Dec 29, 2006
I for one am surprised that biometrics aren't in place & used in a military facility that holds the type of confidential data that you're talking about. Technically, long passwords are great for security; the breakdown is when you have people writing them down on paper, saving them in Excel files and emailing themselves this account information.

We've been using biometric scanners at our work for almost a couple years already and I personally love it. My latest machine is an IBM Stinkpad T43 and it has a biometric fingerprint scanner in the lower right corner of the keyboard area. Once you've enrolled your fingerprints on your machine (you can do just 1 or all of your fingers on both hands), logging into your machine or on to a network domain is a snap (or swipe as it were). You can even export the fingerprint profiles to another machine so that you don't have to go through the fingerprint enrollment process on every machine you use.

I think it works great, it's quick and very practical.

I heard someone mention retina scanners, don't know where they would fit that on my laptop or desktop machines - I wouldn't be crazy about a usb device with a cable that I'd have to lug around with my machine either.
on Dec 29, 2006
True bureaucracy in action.
on Dec 30, 2006
I am in Arizona...
WTFRU?

Fuller
on Dec 31, 2006
Randomly generated passwords, of any size and pattern, are just plain bad news. Keeping the same size and pattern requirements would be smart, but allowing the user to generate the phrase or word is the only way to go. The next step is to train a person on how to generate a password using those requirements so that they remember the password. If the passwords are stored in your desk, your security team is not doing their job. And if the "cleaning" crew is peeking at them, both the security team and the cleaning crew are not doing their job right!

on Jan 02, 2007
"15 character passwords that are written down in the top drawer of my (and every other employee here) desk. Now every cleaning-lady we have in here after hours automatically has access to thousands of individual accounts on critical DOD hardware."

Come on...with all due respect you mean to tell me that you can't memorize 15 characters? Military Intelligence! OK!
on Jan 02, 2007
"The next step is to train a person on how to generate a password using those requirements so that they remember the password."


or maybe the next step would be hiring people who can remember 15 character passwords...lol
on Jan 02, 2007
I feel your pain, greywar. From your avatar, we may very well be in the same place (igotcha).

Don't forget that you also can't use any of your last 25 15-letter passwords, so you also have to keep a complete record of them. Not just Army though...it's DoD-wide.
on Jan 02, 2007
Great!
on Jan 02, 2007
"15 character passwords that are written down in the top drawer of my (and every other employee here) desk. Now every cleaning-lady we have in here after hours automatically has access to thousands of individual accounts on critical DOD hardware."

"Come on...with all due respect you mean to tell me that you can't memorize 15 characters? Military Intelligence! OK!"


Skinhit, I can't tell if you are trying to be sarcastic, but just in case you're simply being an ass, you did read the part where he said he has to deal with 100 different 15 character passwords?

And because I seem to have left my funnybone back in 2006, I'm going to add to the comment that your attempt at sarcasm (if that bit of lameness was an attempt) fell short of the mark, or looking at the criteria you seem to deem needed to work for DoD, you are more than qualified to apply.
on Jan 02, 2007

"We've been using biometric scanners at our work for almost a couple years already and I personally love it."

My uncle had a business providing a database/info of credit-worthiness of people....this is years ago, before the upsurge/advent of bankcards/credit cards, etc.

He eventually went from paper-file to computer...back around 1973.....needless to say it wasn't some 'PC'...but a monstrous bugger from Honeywell ...magnetic tape...own room....positive ventilation...no sprinklers....but it DID have a fingerprint [or maybe palm-print] reader to access the room.

Ain't nothin' new in the world....

on Jan 02, 2007
"I am in Arizona...
WTFRU?"


The construction by the main gate has really been a pain, hasn't it?
on Jan 03, 2007
"I am in Arizona...
WTFRU?

Fuller"

I am in AZ too. Just email me sgt.greywar@gmail.com