[funsec] from networkcomputing - zen of password management - funny

Gadi Evron ge at linuxbox.org
Wed Sep 28 04:02:51 CDT 2005

The Zen of Password Management

Stage 1: Denial
They don't really mean that I have to change my password. It's just a 
suggestion, really, more of a guideline than a hard and fast rule. 
Really, that warning will go away if I ignore it.

Stage 2: Anger
I will NOT change my password. I can't believe that the security of the 
entire company depends on me changing my password at this time. It's 
just a silly policy that IT uses to exercise digital control over the 
rest of the world.

Stage 3: Fear
But if I change my password I might forget it! I like my password the 
way it is - right now. I probably won't be able to remember what I 
changed it to and then I'll have to ::shudder:: call the help desk. Oh 
god, why is this happening to me?

Stage 4: Acceptance
Okay, I'll change my password but I won't like it. I guess maybe it 
really is important. After all, someone used Mary's password to hack 
into the corporate database yesterday and now we're under investigation 
by like every agency with a three letter acronym. I'll do it, but I hope 
they don't think I'm happy about it.

Stage 5: Wonder
Hey, that wasn't so bad. I remembered what my password is and when I 
told Bob and Jim and the counter guy at Starbuck's about the phrase 
technique I use to remember it they thought I was pretty cool. I'm sure 
the guy at Starbuck's was writing down my method so he could use it himself.

Stage 6: Joy
Wow, this new password is great! I wish I'd thought of it before. In 
fact, I've changed all my passwords to match the one I use at work! 
Gmail, Hotmail, PayPal, eBay... everything! It's such a great password! 
I love it! Maybe I'll name my first born after it!

Two weeks later ...

Stage 1: Denial
I can't believe I changed my password and told the counter guy at 
Starbuck's about it. I can't believe he used it to buy a giant cheetoh 
on eBay with my PayPal account and spammed everyone at corporate HQ from 
my Hotmail account. At least he didn't...oh my, why are those men in 
suits with dark glasses coming my way? They aren't, they're just ... out 
for a stroll. I'm sure of it. Turn around and face the screen and 
whistle, they'll just pass me by, I just know it!


My blog: http://blogs.securiteam.com/?author=6

"The third principle of sentient life is the capacity for self-sacrifice 
--- the conscious ability to override evolution and self-preservation 
for a cause, a friend, a loved one."
	-- Draal, "A Voice in the Wilderness", Babylon 5.
