login chaos
Sep. 2nd, 2005 02:45 pm
Now that we've been bought by a large company with large infrastructure, I've had to acquire quite a few more username/password pairs -- benefits site, HR site, sites for specific health providers, VPN, timesheet system, etc etc etc. (This is, of course, on top of the normal stuff -- machine login, email, etc.)
This wouldn't be so bad if all of these systems used the same pattern for the user name and maybe even the same requirements for passwords. But they don't. So there I was, trying to access one of these sites, getting "user name or password not valid" complaints, and having to try all the possible combinations of all values I could think of (because telling me which it disliked would give away too much information).
The problem turned out to be the user name. It wasn't my last name. It wasn't my email address. It wasn't my SSN. It wasn't my employee ID (actually the first thing I tried, since it was a corporate site and that's a corporate-issued ID). No -- it was the first letter of my first name plus the first four characters of my last name plus the last four digits of my SSN. I kid you not. Yeah, now that they mention it I recognize that. But who remembers stuff like that? Especially when there's exactly one system among the myriad that it applies to?
Is it any wonder that people write these things down (including passwords) or tell their browsers to take care of it?
(no subject)
Date: 2005-09-02 07:32 pm (UTC)
Massive corporations that were once garage operations by two MIT dropouts use Kerberos for the same purpose, with the same gateways.
Massive corporations that have sold their soul to Microsoft use Active Directory, supplemented with LDAP and NIS gateways.
Your company... needs a real IT director.