This is not a diatribe on politics or a bitter anecdote of airport cavity searches, but rather the story of a
humble man’s man’s humble attempts at utilizing computer labs at UW-Madison.
When I was at UW-Platteville, each user had a single account with a single username and password. Anyone could log on to computers in labs in any building, and while I was occasionally annoyed to see non-EEs using computer in EE labs, by-and-large, the system worked. In Madison this is not the case. When I log in to a computer in the Computer Science building, I have to use my computer science username and password. Neither the username nor the password is the same as the username and password I use to access my email.
The real annoyingness of this system began to hit home as I sat down today in a lab in Engineering Hall, and found that neither of my other two accounts allowed me to access these computers. Instead, I was prompted to create yet another account. I figure it won’t be so bad if I just use the same password I used for the CS account. Unfortunately, the engineering system has a special password advisor to protect my security by telling me that no matter what password I chose, it wasn’t secure enough.
OK, first I’ll try the CS password. Nope not secure; it contains a dictionary word so(despite the fact that it’s 10 characters long, contains numbers, and mixed punctuation…) it is easily guessed.
Alright, whatever, that password did legitimately have a word in it. OK, I’ll try throwing some extra letters in there so it is still pronouncable but is no longer a word. PASSWORD IS NOT SECURE. IT CONTAINS THE DICTIONARY WORD ‘naro’. IT IS TOO EASILY GUESSED. First of all, I’m not sure how many people even know ‘naro’ is a word. Second, even if it is a word, it’s sandwiched between a bunch of random letters and numbers. This is not going to help anyone hack anything.
Whatever, no use arguing with a machine. I’ll just move one of the numbers over a couple places so it’s between the ‘na’ and the ‘ro’. Now that word no longer exists. Oops, now that password contains the ‘word’ “magna”. I’m beginning to get frustrated. I add and remove letters again until I’m satisfied that there is not a single word that can be spelled within the password…
YOUR PASSWORD CONTAINS THE WORD ‘kora’. What?? No, it doesn’t! Oh, wait…it contains the string ‘arok’, which is ‘kora’ spelled freakin’ backwards.
At this point I realize that based on the number of 3-letter words that exist and the fact that the program will read them backwards, even if they’re in the middle of the password, it’s pretty much impossible to make any pronouncable password that will not contain a word (in some direction). OK, let me think of some numbers I can remember easily. Alright, I have my old credit card number memorized, so I’ll try using the last 4 digits. My password will be ‘cc####’. Nope. So close, but this time there aren’t enough unique characters in the password.
I eventually (and we’re talking about roughly 10 minutes here) got a password that I have a small chance of remembering and does not contain any words, reverse words, or too many of the same character. Glad to know that my data is safe. I’d tell you what the password was, but I’m pretty sure that if I typed it in plain text, an automated security robot would shoot me in the head.
Oh yeah, I also can’t share data between my CS and Engineering accounts, so if I want to get that PDF I saved to my CS account, I’ll have to walk over to the CS building. Faaaaaaantastic.