Password Management

I have worked for a number of firms over the years and all of these, like many others, have password policies. Password policies that are not only annoying but utterly counterproductive.

The consensus among security professionals is that passwords should be long, random, stored in a password manager and shouldn’t be changed unless you think your account has been compromised.

If you look at the password policies implemented by many — if not most — companies, it quickly becomes apparent that security is less important than giving the security auditors a box to tick. These are not the same because you can’t audit the strength of someone’s password, but you can audit how often people are obliged to change their password.

Forcing frequent password changes, however, leads to terrible passwords.

When people have to change passwords frequently, they start to look for workarounds in order to avoid forgetting their passwords. Passwords become shorter and easier to remember, or guess. People start following a memorable theme, so that even after their password is changed, the new one is instantly guessable. Worst of all, people will start writing their passwords down.

I have even seen some firms ban the use of password managers, which compounds all of the above.

The end result is that, by meeting the audit requirements for security, companies make themselves less secure.

Don’t you just love checkboxes?

The new normal

There have been plenty of discussions, both online and off, as to how the world will change in the wake of the current pandemic. And now the Walloon Minister for Mobility, Philippe Henry, has called for people to keep working from home after the lockdown ends because of the positive impact on traffic and on the climate.

As a result of the lockdowns, there is significantly less traffic on the roads due to a ban on unnecessary displacements, and pollution has gone down all over Europe. Henry wants this trend to continue. “If we reduce the number of cars on the road by 25%, there would be no more congestion,” he said, adding that it would help reduce CO2 emissions.

And bringing an end to congestion would be a very good thing indeed. Especially in Belgium which, being a small country, really doesn’t have the capacity for the amount of traffic that is normally on the roads.

I have to admit that for a long time, I was quite resistant to the idea of working from home. I like being able to leave the office and put the working day behind me. I am also influenced by the fact that when I last worked from home, the children were a lot younger, which tended to make things a bit difficult to say the least.

The boys are older now, and a lot less demanding, and I find that when I switch off my work laptop I am perfectly capable of completely switching off from work as well.

More generally, working from home for the past three weeks has brought home just how little I need to actually talk to any of my colleagues. There have been a couple of times where a face-to-face conversation would have helped, but my normal workflow is driven by email and this is as effective regardless of where I happen to be.

I don’t think the requirement to go into an office will completely go away, but it’s certainly worth considering how many of us need to commute for more than a couple of days a week.

Five Things #12

The Etiquette of Mythique Fine Dining by Carolyn Rahaman is a light but effective exploration of the challenges and dangers that come from cooking and eating magical foods.

Ed Yong on the predator that makes great white sharks flee in fear. Better to run than to have your liver squeezed out.

André Spicer on how organisations enshrine collective stupidity and employees are rewarded for checking their brains at the office door.

Denzil at Discovering Belgium takes an 11 km circular walk through the Forêt de Soignes and discovers the Monument aux Forestiers, a stone circle that memorialises foresters killed during World War One.

We Are Cult revisits Clockwise.

The Joy of Automation

I have long been a keen advocate of automating everything. As far as I am concerned, any job that can be automated should be automated — and will be automated unless someone explicitly tells me not to. It’s an attitude that has saved my sanity on more than one occasion when I’ve found myself single-handedly supporting a business-critical application.

It also earned me a fair bit of leeway when my manager, thinking I was awake at 2:00am resolving issues with overnight jobs, would say nothing about my inability to drag myself out of bed.

But it never got me promoted.

I take my hat off to Serge, who was promoted for slacking off, and to Louis, who was given a pay rise for oversleeping. I really must try harder to do less.

Imperatives and Explanations

While on the subject of workplace toilets, Alistair Dabbs observes:

Also highly revealing about a workplace is the signage displayed in office restrooms. Wherever I go, no matter how posh the surroundings, workers appear to need wall-mounted directives printed in large font sizes on how to use — or rather, how not to misuse — the facilities.

This reminds me of the facilities I encountered at a previous employer. The cubicles on the first floor (which was inhabited mainly by IT folks) all carried a sign instructing you to clean the pan after use.

On the second floor (where the accountants lived), the cubicles carried signs explaining how to clean the pan after use.

Money for Nothing

UK government paid consultants £680K for Brexit customs plan

Government records show the U.K. tax authority, Her Majesty’s Revenue and Customs (HMRC), spent £680,000 on a contract with consultancy firm McKinsey & Company to, among other things, assess the “commercial feasibility” of the “new customs partnership model.” That is one of two customs proposals put forward by U.K. Brexit negotiators last week in talks aimed at avoiding a hard border between Ireland and Northern Ireland.

The customs arrangement designed by McKinsey was, of course, dismissed as unworkable as soon as the rest of the EU saw it.

Hiring consultants is like wishing really hard. It doesn’t matter how much you spend — or how much you wish — the impossible will remain impossible.

I’m forever selling bubbles

Long Island Iced Tea Corp renamed itself to Long Blockchain – and its shares went bananas

Non-alcoholic beverage slinger Long Island Iced Tea Corp, which is publicly traded and wasn’t performing particularly well financially, decided to rename itself this week to Long Blockchain – and its share price soared 289 per cent.

I should start a company called “The e-Cyber Blockchain Business”. With a name like that, I won’t need a product.

Another Uber protest

Brussels taxi drivers protest against Uber

Around 200 Brussels taxi drivers staged a protest against the private hire app Uber on Tuesday morning. The drivers are unhappy about what they see as unfair competition from the app posing a threat to their jobs.

I find that my sympathies tend to be with the taxi drivers when it comes to disputes about Uber.

Ultimately, Uber is nothing more than a minicab firm with an automated dispatcher and underpaid drivers. I don’t really see why people keep getting so excited by this.