[Discuss] A Little OT: The Password Post-It

[jc at trillian.mit.edu (jc at trillian.mit.edu)]

Chris O'Connell wrote:
| I think we, as IT professionals, have to acknowledge that not all of our
| users are as savvy we are.  Not everyone is going to be capable of keeping
| their passwords straight.

Hmmm ...  A quick check shows that my personal password file has over
200  distinct  entries.  Some of these I haven't used in over a year,
but the accounts are still there.  One reason I haven't used them  is
that  lots  of  software  now  remembers  them and fills in Password:
fields for me.  But even if this weren't happening, I still  couldn't
remember that many passwords, unless I made most of them the same. If
anyone claims that they can, I'd be very skeptical without a demo.

So my level of savviness is probably irrelevant; I'd be surprised  if
very many people of any kind can remember so many nonsense words.

And, despite whatever strategies I may try  to  use,  most  of  these
passwords  do  have at least some stuff that's difficult to remember.
This is due to the way that admins insist on password rules that  are
designed  for security, but which are different for every site.  This
forces me to use passwords that don't follow  any  personal  pattern,
meaning  that  I  have  little  choice except to store them somewhere
that's easily available when I need them.

The real problem isn't that users write down  their  passwords.   The
real  problem  is  that  system  admins force the users to write down
their passwords.

(Hey, maybe I should use that as a sig for a while. ;-)


--
  The fewer jobs a tool is designed to do, the better it does each of them.
     _'
     O
   <:#/>  John Chambers
     +   <jc at trillian.mit.edu>
    /#\  <jc1742 at gmail.com>
    | |