Monday, November 12, 2012

Be careful what you choose for a password

This isn't the usual story you hear about passwords. Normally you are warned that your password needs to be more than 6 or 8 (or more) characters long.Normally you hear that your password should include a mix of upper and lower case characters and some numbers. Normally, you hear that you need to change your passwords often and to not use the same password for multiple accounts. Normally you hear that you should not use a commonly used password (the top five are, "password", "123456", "12345678", "1234" and "qwerty") or the names of your children, spouse or pets. Those are all good suggestions but that's not what I'm talking about here.

When I first started working at this company (almost 25 years ago!), we ran a Bulletin Board System (BBS). They were very popular in the 1980's. They allowed our customers (and anyone who was interested) to call in using a computer and modem and, with a simple terminal emulator, see our company's products list, get news about upcoming products and download the software and firmware that ran our products for free. It also allowed customers to ask technical questions about our products in the hours when our office was closed. It was free and relatively easy to use. We used a program called Red Ryder (later updated and renamed White Knight) to run the BBS on a spare Macintosh computer.

Being the new guy, I inherited the management of the BBS. As more people started using it and more non-customers began using it, we started forcing people to set up an account that we would review before allowing them to use the BBS. It's sad to say but even then, with the relative anonymity the BBS provided, some non-customers would log on and leave comments that were derogatory, disruptive and just plain lies. So, we wanted to know who the people were who would be using the system. We didn't need some know-nothing insulting our customers. Part of setting up an account was choosing a password. Like everyone else on the system, I chose a password - assuming I would be the only one seeing it. Isn't that how passwords are supposed to work?

One day, a friend (and customer) of the company owner asked him about getting an update of one of our software products - right away! The owner asked me how he could do that and I told him about the need to set up an account. The owner told this to his friend but the friend didn't want to take the time to do that and wait while I verified the account and confirmed it for use. He was in a hurry! I said I'd be there waiting for his call and could set him in a few minutes. "Not fast enough," was the answer.  "Why can't he just download the software update? Don't we have a guest account?" No, I hadn't set one up. It seemed too easy for a troublemaker to figure that out. So then the owner said, "Can't he just use your account for now?" Well, he could but that would mean he would need to know my password. The owner said, "What's the big deal? I trust him and you could always change your password after he's done." I tried a few more evasive suggestions but they didn't work. I could see the owner was losing his patience. Finally, I had to give him the password, "BadAss". I was so embarrassed. For his part, the owner didn't laugh at me and I guess his friend got the software he had been after but, to be honest, I felt so bad I'm not sure what happened. I do know, though, that whenever anyone in the company wanted to get a rise out of me for the next few months, all they had to do was say, "BadAss".

3 comments:

Ninja of ice said...

use something from a game or show you like as your password(like "Pikmin" "Toad" or "Nindroid".

Fire-Cat said...

How about a Christmas name or Someone from the Bible meaning Christmas lights, Jesus or something like that.

Fire-Cat said...

P.S. Why would owner "NOT" Care about your password? (Deep voice)"Why would you say no who cares! about your password it can go all over the world!"
The owner wouldn't care!