'security' gone mad at work

axisus

For the past 16 years my phone has has a 4 digit pass to get access to phone messages. These aren't top secret messages, just typical office stuff - 'call me when you get back' etc.

So, end of December we get a memo saying that all phone passes now have to be 8 digits. 8 bloody digits!!!!! utterly annoying and pointless. I just doubled mine up to the same number twice. 2 months on and I still put the wrong number in every time, after 16 years you are kind of hard wired to 4 digits. 

But it gets worse ...... I went to retrieve a message today, only to be told that 2 months is up so I have to change my number!?!?!? Every two months we have to come up with a new 8 digit number. The message has the audacity to say 'make it a memorable number'. OK, so I went for the easy option: 11111111. Nope, that got refused. The system is now telling me that it has to be a RANDOM number! So basically, every 2 months I have to come up with a random 8 digit number that is 'memorable'. At this point I did what any normal person would do - made a random number up and stuck it on my phone with tape!

I HATE this sort of utter bullsh*t. 

 

PolarityMan

just double your existing 4 digit pin?

Sporky

axisus said:

The system is now telling me that it has to be a RANDOM number!

How is it assessing that? People aren't very good at generating random number sequences.

stickyfiddle

We have a similar system, plus laptop passwords that change every 3 months. 

Corporate IT have never quite grasped that the most secure password is simply very long one that you never change, and never write down, because you remember it. 

TheBlueWolf

Find the person responsible for the security, beat them round the head with your office phone, then tell everyone to email you

guitarfishbay

I thought this stuff was common in most offices these days.

Pretty much every time I come back from a holiday I have to ring IT to re-set mine.  It always seem to need renewing around the time I go off, meaning I've only entered it a few times before going.

Though my absolute record was resetting my password, locking my computer to go to the toilet, coming back and completely drawing a blank.

PolarityMan

Sporky said:

axisus said:

The system is now telling me that it has to be a RANDOM number!

How is it assessing that? People aren't very good at generating random number sequences.

let me try
43021023
00482716
12302948
02931234
09012345
90909012
12345609
03820482
12345678
12345678
12345678
12345678

By gosh, you're right!

crunchman

Our system is thick enough that you can keep passwords the same and just change a number.  It remembers recent ones and won't let you re-use them again.  I've got two sequences that I go through with the numbers going from 1 to 0 on the keyboard.  By the time I've finished that I can start again.

Our phone pins will accept things like 1212 and 1313 so I cycle through those.  It lets me start again with 1212 when I get to 1919.

Evilmags

Mum's phone number. Sorted

Bridgehouse

Evilmags said:

Mum's phone number. Sorted

Nope - everyone knows that

FX_Munkee

Handy hint for anyone who has a password system that won't let you use "previous" passwords i.e. you can't just append a different number.
Use your existing password and append it with _01$ Then just increase the digit each time, most machine parsing sees that as valid "text".

m_c

Try keeping track of two 8 digit PINs (admittedly they never change unless I make a total balls up) depending on how I'm connecting to the intranet, and then 4 different passwords for different systems, that have to be renewed every 60-90days.

And I'm officially not allowed to write them down anywhere, as that would be a breach of company policy. However, I do have some seemingly random letters and numbers marked inside a notepad, but by the time anybody deciphered the code, they'd of used up the 3 attempts and locked the accounts out.

Roland

axisus said:

I went to retrieve a message today, only to be told that 2 months is up so I have to change my number!?!?!? Every two months we have to come up with a new 8 digit number. ... I HATE this sort of utter bullsh*t. 

It is bullshit because if employees don't agree with the approach then it actually decreases the security level. I once opened a security seminar for a client. "Good afternoon everybody. It's 1st September, so who set their password to "company09" this morning?

ArchtopDave

crunchman said:

Our system is thick enough that you can keep passwords the same and just change a number.  It remembers recent ones and won't let you re-use them again.  I've got two sequences that I go through with the numbers going from 1 to 0 on the keyboard.  By the time I've finished that I can start again.

Our phone pins will accept things like 1212 and 1313 so I cycle through those.  It lets me start again with 1212 when I get to 1919.

I do the same from 02 to 40, and then start from the beginning again.

stickyfiddle

FX_Munkee said:

Handy hint for anyone who has a password system that won't let you use "previous" passwords i.e. you can't just append a different number.
Use your existing password and append it with _01$ Then just increase the digit each time, most machine parsing sees that as valid "text".

We have that. I keep a standard 3-digit numeral/symbol combination that I append to the back of whichever comic book character springs to mind on password-change day. 

Deadman

Very normal where I work. I agree it's annoying though.

An easy system to stick to with this would be to go:

12345671
12345672
12345673
12345674
12345675
12345676
12345677
12345678

After that just start again. If it doesn't allow it, go backwards.

Myranda

As one of the staff with password admin rights I just change my password to what I darn well want and it gives me my passwords and subsequently avoid any silly "no, this isn't a passwords of the sort we like, even though our policy is such that Pa$$word1 would count as a strong password, and we've arbitrarily limited you to 16 characters" messages

John_P

I put the number of the month in mine - at work we have several and it gets frustrating every time they reset your network profile and you lose all saved passwords.  
After one heated discussion with the IT bods I printed off an A3 page with them all listed in big font and stick it above my desk.    If anyone coming in the office wants to log in to see my collection of exam questions they are welcome - I suspect it's not worthy of a major hack.  

mike_l

One of my password with a supplier is 1 2 3.


At the last place we had to change our password approximately once a month. Sometimes it was 2 weeks, other it was 6 weeks.........

We were supposed to change completely each time. Never happened, it was same word, with the number on the end bumped up by one.

One lad in the office had Parts386 as his (it had started at Parts 01).

richardhomer

I worked for a company which provided an iPhone which required the passcode updating monthly. It was a 5c which didn't have fingerprint recognition. Bloody annoying....

MattBanshee

Spell words with the keys, treat it like an 8 letter password. Job done. Here's a couple to start you off:

Elephant
Mandolin
Armchair
Icecream
Electric