The clinic where I work two days a week refuses to give me login privileges to their network. Their rationale: I'm a contractor. Only employees may access the network, for security reasons. Okay.
We're not talking electronic patient charts. But I need to be able to check my e-mail from the clinic, and use the shared clinic computers to write up reports. Big signs over each computer require employees to log off when they're done. So without a login, I can't even access MS Word.
"You'll have to get someone to log in for you each time," the clinic director told me. Okay. So that's what I do.
The other day, one of the clinic employees came by as I was typing away and asked me, "Are you still using the computer as me?"
"No," I said. "I have to get someone to log me in each time."
"Well, I don't mind if you want to be me."
"I can't just log in as you," I explained. "I would need to know your password."
So she told it to me.
"Your password is the same as your login?" I asked.
"Yeah." She seemed surprised that I was surprised. "I think just about everybody's is."
So far I've confirmed that for the two other employees I've checked. This is the system, remember, where allowing official access to a contractor of three years' duration would be an unacceptable security breach. I believe that this is what's known as straining at a security gnat and swallowing a security camel.
no subject
Date: 2004-10-01 07:07 am (UTC)
My work (which does not involve anything particularly confidential: ok, technically, access to circulation records, but that's about it, and only when stuff's actually checked out to someone.)
Anyway, we have an automated thing that makes us change our passwords every 2 months or so, and where we can't reuse passwords until we've gone through 6 others (I think.) This produces grumpiness, but better security.
At work, I usually pick a theme and stick with it for the year - I was doing Tolkien-based stuff for a year (Entish, minastirith), or I've done ballad titles (twacorbies, for example), or types of musical forms. Makes it easier for me to remember what my password is, without being something terribly easy for people to guess.
For more secure stuff (root network stuff at home, etc.) I do the 'first letter of each word in a phrase, with some numeric substitutions' sorts of variants.
no subject
Date: 2004-10-01 07:35 am (UTC)
I went to chemistry formulas for a while, which are a good string of letters and numbers, and can even have non-numeric characters if required.
I worked for one place where our passwords were supposed to be the name of the organization. Everyone had the same password - I could have been anyone.