 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Greetings All, I've noticed that some of my users have been writing their passwords on post-its and leaving them all over the place. Our office has a Written Information Security Policy that each user signed, stating that passwords are not to be written down and stored in plain site. Management at my company isn't interested in disciplining anyone regarding these violations. As some of my users are in their late 70s and late 80s, I kind of understand the need to write passwords down. However, some of my other users are just plain dumb and complain all day about how many passwords they have to remember and how hard their lives are as a result. One particularly whiny person can't remember the four digit alarm code that she uses every day to get into our building. As a result she has written it on the back of her business card and leaves it in her cell phone case. I've come to realize that making things "more secure" is actually making the our information systems less secure. Further, adding levels of security is making the computer using experience at my organization more challenging for the already technically challenged. For example, enabling password complexity requirements just makes things harder for people to remember. The result is more passwords written on post-its. I think we, as IT professionals, have to acknowledge that not all of our users are as savvy we are. Not everyone is going to be capable of keeping their passwords straight. Perhaps the solution is to make things easier for our end users. I'm thinking now that I should install a single-sign-on software on all workstations. Once a user logs in they will never have to enter a password again (after the initial setup at least). On it's face, this may seem like a terrible solution. I'm thinking though that this might actually make things more secure as users will not be confused by multiple passwords. Hopefully, this will result in less post-it-passwords. I can then thoroughly secure the workstations by deploying Bitlocker and forcing the screens to lock after a certain period of inactivity. By securing the workstation I'm not noticeably inconveniencing users. This is a bit of give-and take, but a possible win-win. I'm wondering if anyone else has had similar troubles in the past. Any creative solutions? I've recommended terminating at least on person here, but I think my boss thought I was kidding ;-) -- Chris O'Connell http://outlookoutbox.blogspot.com
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
