“Sorry but your password must contain an uppercase letter, a number, a haiku, a gang sign, a hieroglyph, and the blood of a virgin.” (Click to embiggen)
Which anyone who knows anything about security knows is the most insecure way to treat passwords.
My boss called everyone in our department together and said, “Do not write down your passwords! If we get audited, I will tell them that of course we comply with the policy and of course each of you showed me where your passwords are hidden, but darn, I seem to have forgotten.” Which is what every other manager in our division told their direct reports (And I suspect a whole lot of managers in all of the divisions).
I understand how a policy like that comes into being. Someone who was the only person with admin privileges on some important system in one of the other division was out sick or on vacation or maybe even had died and there was a great deal of trouble that wound up costing a lot of money (either just from all the time spent by a lot of people trying to fix the problem and/or other people not being able to do certain tasks for a while). The solution to that is not to make every single bit of proprietary information available to anyone who can sneak into an office and snoop for a while. The solution is to make sure every system always has multiple people with admin rights. As long as you have someone with admin rights who can reset other account passwords or give other people rights to access files or whatever that are only accessible ordinarily to the one employee who is unavailable, you can solve any of the other problems.
Right?
Trying to avoid repeating a mistake is a natural (and not unreasonable) reaction when something goes wrong. Unfortunately, in some circumstances involving certain sorts of people a very simple “solution” that is worse than the original problem is adopted.
I’ve been worrying about this a little bit because as part of the move we’ve been trying to make some changes in our behavior to avoid problems we kept having at the old place. Some are fairly east: don’t let dishes pile up in the sink; it’s all right to run the dishwasher when it isn’t completely full. Others are a little more difficult to stick to: take out the trash or recycle as soon as we notice it’s full.
Those are examples of things we kept meaning to change before. There were issues with the outside garbage and recycle bins at the old place that provided an excuse to put off dealing with the trash at certain parts of the week, but the real issue was procrastination and habit. Habits are reinforced by all sorts of things, for example, getting used to seeing dishes piled in that sink. So maybe the change in visual cues will help us develop a new habit.
Some of the new ways of doing things are because of issues we didn’t realize were happening until we packed up. We discovered all sorts of unexpected things lurking in the back of closets, or the back parts of shelves we couldn’t see easily, or behind furniture that was seldom moved.
But I also recognize that slavishly adhering to rules without regard to unintended consequences can create worse problems. So I’ve been trying to think of this as merely establishing new norms: not strict rules, just expectations.
And maybe that’s the secret: don’t be inflexible!
