the insecurity of corporate security
So in my corporate contract position, I am put through the usual nonsense for an employee regarding IT security. My computer has a start-up screen that requires a user ID and password. Then I have a required system password just to get to Windows. The file management program we use for the website has an ID password. I must enter my time into two separate programs each of which require completely different IDs and passwords.
Various other programs require passwords as well though, for the most part, they just use the system password. Nonetheless, it’s a whole lot of user IDs and passwords. At least five different combinations, none of which expire at the same time.
Last week my system password began the incessant and irritating countdown towards password obsolescence. Each day, the two login systems reminded me with a loud beep and a pop up window that my password expired soon. Also, I received an email each day reminding me of the fact.
I let it all go. If the IT department wants to play by these stupid rules, then let them. My password expired over the weekend.
On Monday, I started up and was prompted to change my password. I did. The second password screen which boots me into Windows didn’t allow me to change the password after expiration. It simply said “This user has been disabled.”
So I called the helpdesk. To make a very long story short, it took them two hours to reset the system password for me.
At the end, I had a brand new password to remember.
So I wrote it on a Post-It and stuck it to my desk.
Is the company more secure for all that?