« July 2005 | Main | September 2005 »

August 09, 2005

Lost passwords on a Sunday Morning

This Sunday morning I was waiting at the gate for my plane. Generally I hate traveling on the weekend unless I'm on vacation but the customer could only do a Monday morning meeting.

Someone else was traveling on business too - I'll call him "Mr. yellow shirt." Mr. Yellow Shirt was distressed. Not only had he forgot to wear a belt, but he had also forgot his network access password.  (Gold Systems just release a password reset application,  but I am not making up this story as an excuse to blog about it. This really did happen.)

Mr. Yellow Shirt just had to have access to the network. His business Card, in plain view on his laptop case, indicated that he worked for a Really Big Consulting Firm. He whipped out his cell phone, punched a speed-dial button and waited patiently. "Norman, hey buddy I'm sorry to call you at home on a Sunday morning but my password isn't working and I really need access to the network." Long pause, presumably as Norm gets out of bed and logs into the network to reset Mr. Yellow Shirt's Password. Passwords generally don't just "stop working", but I'm guessing they both know that Mr. Yellow Shirt just forgot his password again. Now that Sarbanes-Oxley (or more correctly, the people interpreting SOX) is mandating frequently password changes, this sort of call is happening a lot these days.

"Hey OK, that's great - Q W E R T Y . Just a second, let me write that down . . . OK, that's Q . . ." At this point Norm must have told him not to repeat his password out loud in a busy airport where anyone could be listening. Norm probably also made a mental note to give out even easier passwords than the top 6 letters on the keyboard because the only thing worse than saying a password out loud in public is to write it down.

Mr. Yellow Shirt thanked Norm again for helping him out and wished him a good rest of the weekend. I'm sure Norm appreciated the wake up call and the chance to start his day bright and early. Just then they started boarding our flight and Mr. Yellow Shirt hurried off to his business class seat without getting a chance to login and change his password from "Qwerty" to something easier to remember. According to the in-flight map, Mr. Yellow Shirt and I are just now passing over Harlan County Lake, Nebraska. The temporary Password that Norm assigned probably just expired, so Norm's going to get another call this afternoon.

This is a true story and it is costing help desks and IT departments time, money and security. Norm, if you are reading this give me a call and let me tell you how Gold Systems' Password Reset could have let Mr. Yellow Shirt reset his own password securely using just his voice and a telephone. It's less than the cost of even one of your help desk agents and it works 24 hours a day. (Don't they have better things to do? Gartner estimates that about 25% of all calls to help desks are now password reset requests.) With an automated solution, you don't have to worry about the help desk giving out passwords to a cracker with a good story. Even better, you could have slept in this morning. 

August 9, 2005 | Permalink | Comments (1) | TrackBack