Wednesday, August 19, 2009

Passphrases

Company has instituted a new security methodology. Effective as of the end of the month, we are no longer permitted to use passwords, but are instead required to create and use passPHRASES. Get used to the term: it's going to become ubiquitous in a fast way. The government has latched onto the idea as the latest rage in computer security.

The last time we had an evolution in passterminology was "strong" passwords - passwords which had to include at least one each of the following: capital letter, lowercase letter, number, and symbol (aka "special" characters, which always makes me giggle in a juvenile fashion.) While this was originally a burden, some of us developed a method for random strong password creation.

When I joined Company, there were so many systems, I was at a loss as to how I was going to remember to change my password on all of them when it came time to change it on one (otherwise you're stuck remembering which ones use the new and which use the old). But Company has an internal website called Password Manager that allows you to change your password across all pertinent systems at once. Hooray, Company, for making your employees' lives easier!

But now we must develop passphrases. Passphrases must be between 15 and 30 characters long, to include spaces and symbols, such as "You have got to be joking!"

To own it, Company is probably only doing it as a brag point to the government. But policy is policy, so let's go online and invent our passphrase.

And now we come to the punchline. Computers that use Novell as a gateway are not permitted to use spaces or any special characters that were not already approved as part of the Strong Password movement. And, to my knowledge, we ALL use Novell. So basically, we're just supposed to create an exorbitantly long password.

But wait, there's more. This passphrase is only for systems that use our email password, which does not include our encryption system or our time entry system, possibly among others. So now we're up to three passterms to remember (because don't you dare write them down!), since our encryption system uses one set of criteria, our time entry system uses another, and neither of them accepts passphrases. And let's add insult to injury: Password Manager now only lets you change your passphrase across the email-password-based systems - it won't let you change your password for the systems that won't accept more than 8 characters, so we'll have to do that manually.

Wow, that was quite a value-add. I'm so glad Company went to all that trouble to institute this policy since it will make such a difference. Really, the only difference I can note is that it is easier to mistype my fancy new password.
