I’ve always been bothered by ridiculous password policies in many organizations. Frankly, they strike me the same way that many aspects of airport security strike me, which is to say that they are there to give you the semblance of security, but are in fact ineffective, and get in the way of doing something productive.
Mike Fitzmaurice, a friend of mine, posted the following cartoon on his Facebook wall this morning, which I think really puts this into perspective.
The problem comes from policies that are developed without a true understanding of the underlying technology. This gets compounded with policies that require users to change their passwords periodically. So what happens when you are confronted with a situation like this? You take this password that is difficult to remember (and in some cases difficult to type) and you write it down on a piece of paper. No amount of instruction will prevent users from doing this – they’re really being forced to do this.
Some time ago I attended a security seminar where a representative from CSIS stated that 90% of all passwords are stored on paper within 5 feet of the computer that they access. The problem isn’t the strength of the password, it’s the strength of the user’s memory.
To me, these Byzantine security policies only serve to defeat their own purpose. Here’s my policy – choose a good password that you can remember, don’t write it down, don’t tell it to anyone, and unless compromised, never change it. I would urge many IT organizations to adapt their policies accordingly. Let’s not forget that the purpose of information technology is not to impose policies, but to support productivity.
It’s been some time since the last SharePoint Conference, which was held in Las Vegas in October 2009. The next one is being held in Anaheim, from October 3-6, and registration is now open. The past few SharePoint Conferences have sold out very quickly, so if you’re interested, I would suggest moving quickly.
Registration is online at http://www.mssharepointconference.com. Registration is $1199 per person, and Microsoft has reserved a block of rooms at 3 hotels adjacent to the convention center for between $155 and $165 per night.
You may have noticed a change to the header of this blog. My company, Second Foundation Intelligence, is in the process of a name change to UnlimitedViz. This is being done to better distinguish what we do with SharePoint and Business Intelligence from the ERP-focused activities of our sister company, Second Foundation Consulting.
It looks like 2011 has begun very nicely for me, as I awoke to find an email from Microsoft notifying me that I had been given an MVP award for 2011! The MVP program has been around since the early 1990s, and according to the email, awards are granted to “exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in SharePoint Server technical communities during the past year”. Certainly more praise than I would accord to myself, but I’ll take it!
If you read this blog, what this means to you is that I will be in a better position to see and work with new products earlier, to have better access to the product teams at Microsoft, and to be better able to interact with fellow MVPs. Taken together, it means that the advice offered here will be better, and hopefully more frequent.
I would also like to take the opportunity to thank Stephen Giles and Simran Chaudhry from Microsoft Canada, who both thought I was a worthwhile candidate, and who worked hard to make this happen. I would also like to thank Alain Fournier, Erik Moll, and Arshad Pathare, also all from Microsoft Canada, who have believed in Second Foundation Intelligence over the past few years, and who are also strongly advocating on our behalf. Finally, I would like to thank my business partner Ed Senez, who makes the business run, and everyone else at Second Foundation Intelligence, who has to put up with me on a daily basis.