When I was a child my mother used to tell me that if my head hadn’t been attached to my body, I would have forgotten it most of the time. As I’ve grown older my memory has not improved one jot; I still regularly forget things to add to the shopping list, dates and events as well as forgetting to take the rubbish out.
Our ICT department do not appear to be sympathetic to my plight however. Recently a brand new layer or two of ‘security’ has been forced upon us. There was nothing demanding that this happen, but some ICT people decided that it could be done, therefore it should be, and to hell with the consequences and impact it has on the rest of the staff.
Let me take you through a typical log-in routine. After switching on a PC I have to input my username and password. This password is forced to change every 30 days, and follows these rules:
- Can’t be a password that’s been one of your last 24 versions
- Must contain upper case
- Must contain lower case
- Must contain a special character (i.e. non-letter)
- Must contain a number
I then get taken to my profile, and have to log in to each of the shared drives I want access to. Each of these has a different username and password. Should I need to update our website (part of my normal role) I’ll need another username and password for each one. I also have to log on to my phone line, requiring yet another password.
If I am using a laptop I need to first enter a different password to get it to boot up, then input my username and password again. If I’ve not used that particular password before I need to call IT and via a call and response system enter a 64-digit code before getting access. Of course I then need to log into shared drives and websites as above.
Before I can talk to ICT to get this done however I also have to give them a verification code to prove that I am who I say I am. Even if I’m calling from an internal line and they will be able to see the screen and account I am logged in under, I still need to give this code before they will speak with me.
I’ve also got a separate code to access my BlackBerry, and have separate codes for each of the different systems I use such as access to our various databases. And these are just the ones that I can remember off the top of my head.
Don’t get me wrong here; I appreciate the need for security around certain information and the need to be sure that the bad guys can’t get in, but if this continues to travel along this path it won’t be long before the good guys can’t get in either. Whenever I happen to forget which of the myriad passwords is required I end up sounding like a criminal who is chancing their arm in the hope of getting past lax systems.
It’s not just the passwords that are causing trouble either. Each time a major security layer is added it seems to wipe out all of the special settings on all laptops. This has resulted in a large chunk of software suddenly ceasing to function and requiring ICT to dedicate time to fixing all of them as the problems are found. As the encryption software prevents people from logging on remotely they can’t even do this easily, meaning that the laptop has to be physically taken over to them before it can be looked at.
IT is complicated stuff. It doesn’t all come from the same place, and often the bridges to link it all together are ropey at best. But I refuse to believe that there is not a simpler, smarter way of us keeping our data safe. I’ve seen people simply printing off lists of their passwords as they can’t remember them all, and most of our laptops have the passwords brazenly stuck onto them.
I want to be able to log on to my computer using one username and one password, and then have everything else read this automatically. I want to not be required to release my entire personal data before I can ask someone to change my mouse speed from warp 9 down to something the human eye can track. And I want whatever security policy is put into place to actually be in place for longer than one of Jordan’s marriages.
Is this so hard?