Permissible amnesia
Posted on Thursday 27th November 2008
An event triggered this posting today … but more about that later.
All of us who use computers, credit cards, or work in buildings with security systems sooner or later have to charge our memories with a huge number of codes and passwords. These consume our lives and demand ever increasing amounts of memory. As a quick tally I have 6 cards that require PINs, 8 email accounts, 4 computer logins, 5 different door codes at work and countless website username/passwords.
Remembering all of these is well beyond the limited capacity of my brain so, like many others, I cheat. How many of you have seen the following:

How tempting is it to simply click the “Yes” box and trust your confidential information to a computer? Not just a machine, but one that is vulnerable to hacking with the attendant risk of losing money. There are a number of electronic solutions that offer to encrypt this vital data, but none is completely safe and foolproof. Not least as you still have to remember a password to access the stored data!
So what alternative is there? I adopt the tried and tested method of using the same password or simple variants for most purposes. Obviously this makes life significantly easier for me, but carries the risk that knowing one password will lead to knowing, or at least having a good guess at, the rest.
To get back to my original motive for this posting – the Royal Adelaide’s IT system. The administrators have set the computers to require a new password every month. This is great in theory as it minimises the risk of a hacker having prolonged access to your account. However I find it difficult to come up with a new password, and then remember it, every 30 days. Instead I tend to keep to the same basic password but vary it subtly in such a way that I could guess it easily if I forget. This clearly undoes the whole purpose of their security model, but I can’t think of a reasonable alternative, and I’m sure I’m not the only one.
I’d far rather all institutions adopt the model used by the University of Adelaide. As you remember I have taken on a part-time tutor position which affords access to the library and IT services. Of course I had to choose a password to get on the system. However rather than enforcing regular changes of weak passwords, they encourage the creation of a permanent, yet complicated password. It had to be at least 10 characters long, one of which had to be an integer, and at least one other had to be a punctuation mark. The chance of hacking this is extremely remote, and since I knew I would only have to choose once, I deliberately picked something completely complicated.
This seems far more inherently sensible, and suits my increasing senility!
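As an added illustration (not code from either institution), here is how a password-change form could enforce the three rules described above and also catch the "same basic password, varied subtly" habit. The two-edit threshold, the function names and the sample passwords are assumptions made up for this example.

```python
import string

MIN_LENGTH = 10  # from the policy described in the post


def policy_failures(password):
    """Return the rules of the described policy that the password breaks."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 10 characters")
    if not any(c in string.digits for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no punctuation mark")
    return failures


def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_subtle_variant(old, new, max_edits=2):
    """True when new is within max_edits (assumed threshold) of old, ignoring case."""
    return edit_distance(old.lower(), new.lower()) <= max_edits


def check_change(old, new):
    """Checks for a change form where the user types both old and new password."""
    problems = policy_failures(new)
    if is_subtle_variant(old, new):
        problems.append("too close to previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    print(check_change("Adelaide!11-08", "Adelaide!12-08"))
    print(check_change("Adelaide!11-08", "correct;horse7battery"))
```

The comparison only works at the moment of change, when the old password is supplied in clear by the user; a system that stores only password hashes cannot compare against older passwords this way.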
