Security at Work

At school today, one of my classes took a trip down the hall to a computer lab. Upon logging in, I was faced with a prompt, telling me that my password had expired and that I needed to change it. “Cool,” I thought to myself, “our computer administrator actually cares about security on our school’s systems.” Clicking the “OK” button (which was my only option), I proceeded to the Change Password prompt. And it was here that I realized how dumb our school administrator had been in implementing this required password change.

At the prompt, I quickly realized that I could not use any decent passwords. Trying to use any combination of numbers, letters, and symbols (e.g., *) failed. A message telling me that my new password was invalid was the only feedback I got. Furthermore, I couldn’t log into the machine until I had successfully changed my password. Cutting the symbols out of the password, I continued to try. Again, I was greeted with failure. Were letters the only valid characters? No dice their either. I sat back, unable to change my password and unable to log in. Then it struck me. “I’ve probably got to use my phone number, don’t I?” My school has typically used phone numbers as default passwords in the past, so it seemed a likely solution. Bingo! My password change was successful, and I was finally able to log in.

Of course, using your phone number for a password isn’t exactly a great solution. Obviously, anybody that knows your phone number can log into your account, access all of your files (ignoring the fact that you’d be stupid to store any really sensitive information on a school computer, anyways), but worst of all, they are you for all the administration is concerned. So, for example, if I have a friend who knows my phone number, logged in as me and looked at some pr0n while using my account, there would be more than a little bit of trouble coming my way. Furthermore, I’d have no way of being able to prove my innocence.

With an understanding of the flaws of using my phone number as my password, I went back to try to change my password to something a little bit more secure. I tried a random string of numbers. “Invalid password change,” the screen informed me. Even passwords made of strings of ten numbers, the same number of digits that are in phone numbers, resulted in failed attempts to change my password. The only password that I could use for my school account was my own phone number.

Don’t get me wrong here, I’m all for security. Strong passwords are essential for keeping your information and identity safe from potential theft. Changing your password every so often is a great idea, as it will do nothing but make it harder to hack into your account. However, implementing a required password change and then only allowing users to change their password to a certain thing is retarded. It completely defeats the purpose of not only expiring passwords, but security in general. Even a password of abc123 would be more secure than using your phone number. Mind you, I’m not sure what else I was expecting. Our computer administrator has blocked all common webmail sites, right clicking, and even all image searches on the school computers. When we had a permissions problem one class (a file our teacher had saved on my school’s shared network server had no read privileges for students), he managed to spend a full 45 minutes trying to convert the Word document into different formants instead of just changing the permissions on the file, and never managed to solve the problem. I haven’t used a Windows machine outside of my school’s locked down systems for two years, and I’m pretty sure I could do a better job of being administrator than our IT guy.

The next time I logged in, a dialogue popped up, informing me that my current password will expire in 30 days.

Advertisements

Going to Church is Hazardous

Today’s Easter Sunday, so I felt somewhat obligated to go to church today. I am a Roman Catholic, but I can’t even remember the last time I went to church. So, feeling somewhat chagrined, I got into my car at 7:20 this morning to drive to church so that I could catch the 8:00 mass.

I arrived at the church about half an hour early, but the parking lot was already full when I got there. Luckily, I was able to hunt down one of the loan spots remaining. Satisfied with the prowess I showed in snaring a spot that wasn’t miles away from the front doors, I sauntered up and into the church. As I strolled up the aisle, I looked around, noting how much things had changed since I last remembered. There were new windows, stained glass murals, some new paint, and a bunch of banners. “Wow,” I thought to myself, “it really has been ages since I was here last.” And then it hit me.

I felt my throat clenching down, making it difficult to breathe. At the same time, my nose started running and my ears started to ring, both feeling like they were going to explode. “This church is trying to kill me!” my panicked brain exclaimed. Something in the church, likely the incense from the Easter Vigil mass the night before, had ticked off both my allergies and asthma. It was making my body turn against itself in a violent way. And I didn’t have any antihistamines, Kleenex, or cough drops. And I could barely breathe. All in all, things looked grim.

But then, a flash of brilliance hit me. I slipped off my coat, tossed onto a vacant space on a pew to save a seat for myself, and then dashed off to the nearby washroom. The doors and lack of good ventilation in the washroom was my saviour. It stunk to high heaven, like usual, but the toxic incense from the rest of the church hadn’t seeped in there yet. The stench was a fair trade-off for being able to breathe. Plus, I was able to arm myself with some makeshift Kleenex, also known as toilet paper. I stood there in the washroom for the rest of the half hour before mass began. Then, I braced myself and headed back to my pew.

All I can say is that I made it. I spent the entire hour-long mass with a head that was on the verge of spontaneously combusting, not to mention my difficulties breathing, but I managed to make it through the entire mass. Then, when the mass was over, I bolted for the doors in the most respectful way possible. Stepping outside, I was finally free of the toxic fumes. In addition, my mad rush to get out of the church resulted in me being one of the first people out, making it easy to get out of the parking lot for once.

My peril at church has taught me a valuable lesson: going to church is hazardous for my health.