Friday, October 03, 2008

Security & Me

I appreciate security. I appreciate the notion that I can go about my business dealings in a secure, risk-free manner.


Nobody can access my Pre-tax savings. I have been accumulating reserves paycheck to paycheck. I sit like a mother hen and imagine it grow. Considering imagination is the only course of action open to me now, it is a pretty good occupation to indulge in. Nobody can access my Pre-tax savings, not even myself.


I have been slacking with reimbursements and claims. As I groggily started my day, I decided to attack all of the 'Pending' items on my to-do list. Transit claims, expense claims - the works.
I enter the site with determination. The site believes in security and so do I. It prompts me for a user id and password. Determination slowly turns to trepidation: This is where the trouble usually begins - each one asks for a different userid/password combination. I try to keep the passwords along the same lines, since there are atleast 8 different systems in the company I work in, dealing with different aspects of my life. The problem comes when each system requires me to change my passwords at varied intervals.


System 1 determines changing passwords once every 3 months is good enough, while system 3 wants it to be on a monthly basis. System 2, on the other hand, does not really care whether I change my password or not, as long as it is 32 characters long and has atleast 2 numerals irregularly spaced every 13 characters, and has atleast one special character to boot along with a rather simple requirement that the letters used cannot all be lower-case or upper-case. And it really only asks that you don't start the password with a capital letter.


I finally hit upon something - I appeased all the password Gods and dutifully complied with all the rules. I saved the passwords cryptically in my drafts folder. And for somebody to get to my drafts, they had to plunge into the very depths of my brain, and and use advanced data mining techniques for connections and links to mundane details in my life, before they could find the password.


I had the system under control. Till it was determined that keeping one's email for too long is risky business too, and implemented a 30 day rolling deletion policy on email. One fine day, my drafts which contained the goldmine of information was deleted, without a trace of retrieval!

So, here I am enjoying a perfect day mailing random system administrators about my imperfect memory, and requesting system resets. They comply and remind me: I must only remember not to use any of the last 8 passwords I have ever used on the site. Given that I don't remember any of the passwords, is there a way to tell me which are the 8 I previously used, I ask innocently.

2 comments:

anand said...

:). You do have a great way with words.

I wrote all such passwords in a sticky and posted it behind my monitor at work :D. I got a security violation memo from the security nazi. Apparently it is a very common thing people do :D.

So these days, they are in a note in my phone. Of course now my phone is password protected so it is a PITA to unlock it every time.

I pray to gods that something like OpenId takes over the world. But there are now 4 different OpenId providers and guess what? I already have 4 different OpenIds with their own passwords.

nourish-n-cherish said...

Thanks Anand.

To your stick-it note point, I had tried sticking under my keyboard, and that too was nosed out!