Wednesday, August 5

SecureID tokens and other IT annoyances

Ok, the first SevureID token was kinda cool, which is what gave me the insane idea to attach it to my key chain. By the time I got the fourth the shine was pretty much off though.
And when I got the black shield-like thing which doesn't have any attachment means all I could do was sigh.

The security officer who came to drop it off in person was somewhat miffed about me puting the PIN codes on the back of the tokens. Apparently that's a security breach. So I opted not to mention the Excel file containing my 43 passwords which my chief has on an USB stick for when I am sick. In my defense, I don't do an "int+1 " to my passwords, unlike people of whom I know they're on Welkom05! now and Welkom06! in a few weeks.
He's an ok guy really. He took the news rather well when we informed him upon moving our department that all business critical passwords, security procedures e.t.c. are safely tucked away in the 500 Kilo built into the room security-closet (think safe) along with both keys to said closet.
Ah well, as long as they're secure you know.

We also had to reset admin passwords and such on over a hundred servers because one of our customers managed to get their office network (not managed by us) Confickered last weekend. You know, the virus that held the entire IT world in thrall like two, three months back?
I sometimes feel IT security is not emphasizing security he right way.

1 comment:

  1. I am doing the int+1 trick at work. We need to change password every three months or so. But it not 'welcome', and unique for work. So I feel quite secure.

    But in general some sites have complete stupid and unnecessary password rules. It only makes people write them down in a not so secure place. But the whole password rules do make grateful for the invention of leet talk. It is perfect to get those numbers in and still be able to remember it.