My Vision,     
     My World

2008.11.17


2008.08.07


2008.06.21


2008.06.05


2008.05.07


2008.02.12


2007.12.18


2007.10.07


2007.06.16-03


2007.06.16-02


Archive

Archived Post

Going too far in the name of ‘Security’

This is not a diatribe on politics or a bitter anecdote of airport cavity searches, but rather the story of a humble man’s man’s humble attempts at utilizing computer labs at UW-Madison.

When I was at UW-Platteville, each user had a single account with a single username and password.  Anyone could log on to computers in labs in any building, and while I was occasionally annoyed to see non-EEs using computer in EE labs, by-and-large, the system worked.  In Madison this is not the case.  When I log in to a computer in the Computer Science building, I have to use my computer science username and password.  Neither the username nor the password is the same as the username and password I use to access my email.

The real annoyingness of this system began to hit home as I sat down today in a lab in Engineering Hall, and found that neither of my other two accounts allowed me to access these computers.  Instead, I was prompted to create yet another account.  I figure it won’t be so bad if I just use the same password I used for the CS account.  Unfortunately, the engineering system has a special password advisor to protect my security by telling me that no matter what password I chose, it wasn’t secure enough.

OK, first I’ll try the CS password.  Nope not secure;  it contains a dictionary word so(despite the fact that it’s 10 characters long, contains numbers, and mixed punctuation…) it is easily guessed.

Alright, whatever, that password did legitimately have a word in it.  OK, I’ll try throwing some extra letters in there so it is still pronouncable but is no longer a word.  PASSWORD IS NOT SECURE.  IT CONTAINS THE DICTIONARY WORD ‘naro’.  IT IS TOO EASILY GUESSED.  First of all, I’m not sure how many people even know ‘naro’ is a word.  Second, even if it is a word, it’s sandwiched between a bunch of random letters and numbers.  This is not going to help anyone hack anything.

Whatever, no use arguing with a machine.  I’ll just move one of the numbers over a couple places so it’s between the ‘na’ and the ‘ro’.  Now that word no longer exists.  Oops, now that password contains the ‘word’ “magna”.  I’m beginning to get frustrated.  I add and remove letters again until I’m satisfied that there is not a single word that can be spelled within the password…

YOUR PASSWORD CONTAINS THE WORD ‘kora’.  What??  No, it doesn’t!  Oh, wait…it contains the string ‘arok’, which is ‘kora’ spelled freakin’ backwards.

At this point I realize that based on the number of 3-letter words that exist and the fact that the program will read them backwards, even if they’re in the middle of the password, it’s pretty much impossible to make any pronouncable password that will not contain a word (in some direction).  OK, let me think of some numbers I can remember easily.  Alright, I have my old credit card number memorized, so I’ll try using the last 4 digits.  My password will be ‘cc####’.  Nope.  So close, but this time there aren’t enough unique characters in the password.

……

……..

I eventually (and we’re talking about roughly 10 minutes here) got a password that I have a small chance of remembering and does not contain any words, reverse words, or too many of the same character.  Glad to know that my data is safe.  I’d tell you what the password was, but I’m pretty sure that if I typed it in plain text, an automated security robot would shoot me in the head.

Oh yeah, I also can’t share data between my CS and Engineering accounts, so if I want to get that PDF I saved to my CS account, I’ll have to walk over to the CS building.  Faaaaaaantastic.

collapse Erika Says:

O_o Weirder and weirder. This sort of reminds me of my school district’s anal tech guy. We have software purchased through our preschool budget that he STILL hasn’t put on our computers. But yet, I have all this other shitty software for the older grade’s math, reading, and writing programs that I don’t even WANT! Ugh, he’s useless.

collapse t-kun Says:

As a former tech guy, I can say with a certain amount of confidence that your tech guy is probably just lazy. We used to come up with all sorts of technical-sounding excuses to avoid doing stuff.

 
collapse dyre Says:

What school do you have to go to be an Anal Tech, and why is an Anal Tech working with children.

collapse Erika Says:

He’s not working with children. And anyways, yes I get your joke haha Anal Tech.

 
 
 
collapse Michael Says:

Hahahaha. Wow. I now know why non-engineering students are not allowed on engineering computers. It would be much too complicated for us. :-)

 
collapse dyre Says:

jesus. sounds like cookie cutter United States Security to me.

 
collapse Liz Says:

Wow. Would it be easier with a personal laptop?

collapse t-kun Says:

Not according to the dude who was trying to print something with his laptop in the Linux lab today. Glad I wasn’t him.

 
 

You must be logged in to post a comment.