The Forums › Forums › Tools, Techniques & Treatments › Organizing & De-Cluttering › Any IT people with a lot of passwords?
-
AuthorPosts
-
November 23, 2011 at 9:15 pm #90222
Looking for any IT people who are also very ADD/ADHD.
In my work, and my responsibilities, I have a lot of “keys” – a LOT of IDs, passwords, and so on. It’s getting worse. We now need to use unique accounts to manage different sorts of equipment, do our daily routine stuff using a non-privileged account, and change passwords at least every 60 days for most accounts.
That’s a ton to remember – I have trouble with my own address, and my timesheet account on the mainframe. I transpose numbers, I think I recall a passkey as having 5425 and it’s REALLY 5245 – I find out after locking the account with too many tries.
OK, the point – I need a crutch as it were – a tool, something that I can keep with me that will track various login IDs accounts and passwords.
HOWEVER, writing it down and keeping it in my pocket or wallet, well, gee, isn’t that dumb. lose it and suddenly someone has full access to a ton of government computers!
My team lead suggested a tattoo – on the inside of my eyelids. Problem is, I’d have to have it redone every so often (he was joking….. I think?)
Ideas? remember, this is government – critical, confidential, and if lost, MUST be protected with encryption, a PIN or be otherwise “uncrackable”.
What do other ADD’rs do if they work IT or are responsible for a lot of passwords?
REPORT ABUSENovember 24, 2011 at 1:04 am #109815I have a cheat sheet with all my account login ids and passwords on it. But as you say that can be a security risk.
I thought that if I ever get inspired, that I would have a prefix-suffix password scheme. For example, pick a prefix password which would be common for all accounts (Bi11e) and add a mnemonic suffix unique to the account. Bi11emc for mastercard, Bi11evs for visa, Bi11eadd for this site, etc. You could also use the hex value of the ascii for an alphanumeric mnemonic.
When you change passwords change the prefix (Bi11e) to something else and keep the suffix. That way you only have to remember the prefix as it changes. The suffix remains the same and its mnemonic trait helps with the recall.
REPORT ABUSENovember 24, 2011 at 1:36 am #109816
AnonymousInactiveNovember 24, 2011 at 1:36 amPost count: 14413Bill, when my husband worked for the federal govt here in Canada they gave him a stick that generated a password every minute or so, that was for online access (of course, you would also have to know what other information to provide, like username). Is that something you could get? That way, you wouldn’t have to remember anything, just key in what popped up on the stick. I think PayPal offers this, I am thinking about getting one.
I am overwhelmed with all the usernames, passwords and websites that I belong to. I actually keep scraps of paper in a ziplock-style plastic file folder so they are with me when I need them. I have also logged most of them in an excel password-protected file too.
REPORT ABUSENovember 24, 2011 at 1:43 am #109817I used to work in IT. Keeping track of passwords, etc. is a tough one. I had to write them down. Where I worked, I also had to give my password for the mainframe to one other person so if I was unavailable for any reason they could access the company computer. While I was with that company, I wrote them on paper and hid it in my office. Believe me, my office was always a mess but my filing system was color coded (still became a mess after a while) and I hid it in the back of an unrelated file. Still I was not doing government work. I know from experience that putting such a file on a memory stick is not a good idea. After I left that job I got into trying to find work online and developed a very long list of sites, logins and passwords. I had put it in an excel spreadsheet on a memory stick and last July that stick was lost due to my extreme depression. Whatever you decide to do be careful.
No_dop I love the ziplock bag. I have done that with receipts and other scraps of paper I have written things on especially when cleaning out my purse only I was using an actual ziplock bag.
REPORT ABUSENovember 24, 2011 at 1:45 am #109818
AnonymousInactiveNovember 24, 2011 at 1:45 amPost count: 14413So I’m not the only one with this issue. 😳
I’ve got the same issues with my load of passwords. They have to be changed constantly as well which only adds to my confusion. Being a dinosaur with the use of the computer is still another factor. Add to that I’ve gpt the world’s strangest brain and it seems to function in a totally illogical fashion (those are all my DH’s two cents worth on my brain) and it would seem I’m just about hopeless when it comes to keeping track of my passwords.
I just learned today that I’ve got a new secure site that I’ve got to go to which means yet another password. Argghh! I was already beginning to make plans to ‘hide’ some of my passwords in an easy to find place because the Christmas break will be upon us before long. After any holiday longer than a weekend, I forget even my everyday passwords.
Some days, I just tell myself that if anyone finds my passwords and wants to log onto my work sites, well, they’re welcome to the load of grief and stress that they will find there! Driving home today, I was seriously considering thinking I should find a less stressful job. No pats on the back ever come my way in my line of work. I try to remind myself that there are still occasional times where I derive some personal satisfaction from my job. *sigh*
Password woes are just one more nail in the coffin. I’ve been away from my current work location for 5 years and just returned back to the same building. Even the photocopier needs a code before it can be used. At least that code is assigned to me. When I requested my personal code for the machine, I was told, “Don’t you remember it from before? It is still the same one!”
Really?? I’m supposed to remember my personal photocopier’s code from 5 years ago? The location I was at for the last 4 years required a code for the photocopier, too! A different one!! And I’m supposed to remember my old one from 5 years ago?
Passwords for my secure sites will be my doom.
REPORT ABUSENovember 24, 2011 at 5:46 am #109819
AnonymousInactiveNovember 24, 2011 at 5:46 amPost count: 14413guilty of writing them down and keeping them in a non-secure location!
I do have a pattern of passwords with combinations that i use which is helpful and I can often go without writing them down, but not all the time. ie a certain email is tied to a certain prefix.. which is tied to a year.. so on.
a lock box?
if you were a 6 year old, then in your underwear would be the answer lol. life is too complicated!
REPORT ABUSENovember 24, 2011 at 1:25 pm #109820
AnonymousInactiveNovember 24, 2011 at 1:25 pmPost count: 14413I do have a password-protected excel worksheet with most of my passwords on it, with a completely unrelated filename to try to disguise it.
I have all of my files on either a small USB stick or a portable USB hard drive. I have two other portable USB hard drives that I back up to (not as frequently as I should, last week I dropped my main USB hard drive, luckily no damage to the data but the case fell apart a bit). I have problems with dropping things in the morning so I need to be more careful. I also use a netbook, and everything goes into a computer knapsack which goes everywhere with me, so I am not as likely to lose it. I agree, the little USB sticks are easily lost – I actually have one that’s a thin wafer, very, very tiny and therefore easily misplaced.
My password bag is not really a ziploc bag, it’s a zippered sturdy see-through plastic file folder, with an open outside pocket. I have two of them. I also have some open-ended plastic file folders. As I get busier, I segregate my important paperwork and I couldn’t live without these – if it’s out of sight, it’s out of mind for me. The Solutions Store sells the zippered ones, and although they are not cheap, they are worth the $.
LOL, sugargremlin, going shopping now to look for underwear with pockets
REPORT ABUSENovember 24, 2011 at 1:28 pm #109821
AnonymousInactiveNovember 24, 2011 at 1:28 pmPost count: 14413zsazsa – after a one week break, I can’t remember my passwords, that’s because I have more of a finger memory for them (I’m a touch typist), so not doing the pattern regularly means I forget them.
REPORT ABUSENovember 25, 2011 at 12:15 am #109822I have a document “on the cloud” with that information. That way I only have to remember one password to get access to all the passwords, and it’s a lot of passwords, let me tell you. Pages and pages of them. I’m afraid about whether this is secure enough, but it’s the best thing I’ve been able to come up with so far. If someone did hack it, would they know what company, town, country, etc. the passwords belong to? Hopefully not…
I also use a similar system to what kc5jck brought up – parts of the passwords remain consistent so there is less to memorize. (Not that I succeed in memorizing much). I will try to remember once or twice, but then look it up. It is oh so embarassing to get locked out when you are supposed to be the “expert.” Luckily, I can access my password document via smartphone even when I’m in the field.
Fun idea – I use words I don’t know how to spell as passwords – then, by the time I have to change the password again, I’ve learned to spell a new word – Yes, I like to torture myself
REPORT ABUSENovember 25, 2011 at 1:07 am #109823
AnonymousInactiveNovember 25, 2011 at 1:07 amPost count: 14413I have a similar issue with passwords at work or at home for bill websites. The ones at home I have written on a little notepad. The ones at work I put in file that I have access to as soon as I get on the computer. The hard part for me is remembering to put the new passwords in that file when I have to change them. (some after 60 days, some after 90 days ect) Also coming up with new ones that fit the requirements and that I’ll remember, they aren’t supposed to be real words, but I’ll never remember some random letters and numbers.
REPORT ABUSENovember 25, 2011 at 2:46 am #109824OK – here’s why some of those won’t work.
I can only choose MY passwords for my own accounts. For SQL admin, server admin, routers, well, you get the drift – it’s not MY choice meaning that someone ELSE assigns the passwords and ID.
That means to log in to a router, it might require a different user ID than to get into SQL – and each will have different passwords, none of which would be my choosing.
I could end up having to track 6 different login names, and that many or more passwords, all of which will change routinely, then my own, of course.
Further – to get caught writing them down on paper means disciplinary action, possibly even termination – it would look really bad with my title “network security administrator” don’t you think? LOL
We can’t use the “secure ID” sort of system with the card or stick as for our own accounts and many others, it validates against active directory – meaning that it’s a static ID for that user, but the password is in active directory (Windows networking) for 60 days when it expires and you must change it. I’m not really too concerned about my own passwords I use for daily work, even the password I”ll use for administrative duties, it’s more for the password protecting other items.
I’ll have an ID and password I use daily for ordinary work, etc. – it will be basically my name and a password of my choosing, and will expire every 60 days. That I can figure like I’ve always done with a mix and I just change parts of it each time.
I’ll have an ID and password for my work where elevated privaliges will be needed – server updated, maintance, installing or configuring software on servers, and so on. Same as above, but more secure, and more of “god right” to the network.
Then there will be the ID and passwords for SQL databases – not my choosing, but still need to know them.
There will be ID and passwords for routers and switches – as long as they are connected to the network and can access an ACS server, I can use my ID and password – but if the network connection is lost (which is one reason I’d get into them) then I have to use a different ID and password not of my choosing.
There will be passwords that different server services will use to launch and run, and those will change……
It’s going to be a mess, but it’s required. Frankly, I’m one of the persons who pushed for this security, besides the fact that it’s being required for our SSA info, and the state central IT is moving that direction. I’ve told them for years that passwords that never change are a huge risk, especially if someone leaves. Using the same password for all means that if one thing is hacked, then it all is.
For home use passwords and personal accounts, I can choose ID and password – but then, one should never ever use the same id and/or password for multiple things as if someone ends up hacking on, they have everything. If they hack your email and guess id and password, then they have your ebay account. If you share eBay ID and password with paypal, and they get into eBay, then your paypal is history, and so on.
I won’t put anything in “the cloud” – I know too much about it and how it works….. and the fact you have no clue where those servers are, who has access, etc. Doing so for the state would be a direct violation of multiple policies, and for us to get information from the SSA (social security administration) for our client services, we must show that we don’t store any information on non-government sites –
REPORT ABUSENovember 25, 2011 at 3:39 am #109825I just read a symantec article, and you’re right billd – this is a sticky one. Now you’ve got me looking for a better solution too. According to them, the thing to do is to write down hints to your passwords and carry that with you. They said not to use the cloud. I’m not sure if hints are good enough for us forgetful ADD’ers wanting to have strong, complicated passwords that can’t be cracked with dictionary programs…
You would think there would be some kind of device or application for that purpose… Nobody, ADD or not, can memorize hundreds of passwords. Plus – what happens if the person with all the passwords gets hit by falling space junk?
I’ll let you know if I can find any ideas…
REPORT ABUSENovember 25, 2011 at 1:13 pm #109826
AnonymousInactiveNovember 25, 2011 at 1:13 pmPost count: 14413wow, bill, that’s very complicated. I’m interested to know your recommendations for those of us with more simple password situations.
munchkin, our online bank uses questions as hints for secondary passwords. Do you think I can remember my husband’s maternal grandmother’s name (when I need to log into his account – now that I know it, there is a popular song that has that name so I sing it) or the maid-of-honour at my wedding (we had a civil ceremony, but I had to fill something in to answer the question). And if it’s a person’s name, did you spell it with a capital letter like Peter or peter or did you use an abbreviated Pete or pete? Get it wrong three times and you’re locked out for 24 hours.
I’m thinking about getting a tattoo (and I’m not a tattoo person) but as bill points out, often we are forced to change our passwords, and aside from that, I’m worried about someone dragging me up to an ATM and reading my butt tattoo (ok, not really, just added that for a laugh)
LOL about the falling space junk! But it’s valid, what if you get hit by a truck on the way to work. That’s always what I think of when I take myself and my work too seriously – it’s not a good thing to be the only person who can do something or has sensitive data or knowledge that’s key to operating a business or anything, really.
REPORT ABUSENovember 25, 2011 at 4:33 pm #109827
AnonymousInactiveNovember 25, 2011 at 4:33 pmPost count: 14413I soooo sympathise with you Bill. I would hate to remember multiple passwords that I haven’t chosen. The very few I have (that I did not select myself) are years old and are short, and I still manage to forget them at times. One of mine I remember because it was a postcode – not intentionally, but I noticed that it had the right amount of numbers etc for a postcode, and googling turned up the name of the place it was a postcode for. Made it much easier to remember, because a place name could be written down in many forms (eg. xxxxxxx caravan park) in a diary or in a phone memory, and the actual code wasn’t there in plain view. The other codes have escaped me, but I do try to make words out of them, or find some other way I can jog my memory without writing the code itself down.
Hubby used to have to change his work password every month, and he would pick a set password, then add something like 01, 02, 03, or Aug, Sep, Oct, or similar (to correspond to the month), to a set place in his password when it was time to change, and he would also have the year (either in numerical form, or the animal that it was the year of…Boar, Tiger, Dog) so that he could continue the trend for many years, but not be TOO predictable. Now he is unable to keep any part of his old password when he changes it, but he still manages to remember them all….but he gets to choose them, which is a huge bonus.
REPORT ABUSENovember 26, 2011 at 9:10 pm #109828Shouldn’t it be the responsibility of a supplier of passwords to employees involved in high security type businesses or government offices etc to figure out a system for you to “remember ” your password in a way that it can’t be compromised? Seems silly to me to go to all the trouble of rendering constantly changing secure passwords and leave it up to the individual to make sure that it stays secure. It’s not just people with ADD who can’t remember this stuff!!!
I must confess I don’t use a secure location either, just a notebook and write them down. For work I also am assigned a password I have no control over and write it down in my book. I know it’s not a secure system but can;t think of anything better. Now I did buy a gizmo last year which reads your thumbprint and you can use it to sign in to your computer or websites etc. However haven’t opened the package yet
I have since heard that these can malfunction from time to time so aren’t that foolproof. I think you have to enter some sort of numerical password into the gizmo anyway. It sure would be a royal pain if they malfunctioned and you couldn’t even sign into your computer!
I will set it up and report back…
REPORT ABUSE -
AuthorPosts