So, I got locked out of my Cisco “everything” account recently. At first I thought it was just my home router acting up, but after a couple days I called IT for help, and they asked me to reset my router, and my modem, and then when that was done they informed me that maybe my password had expired.
Long way of getting to the story. I hate when my password expires. We have pretty stringent rules about passwords here at Cisco. I appreciate that. I just don’t want to change my password. You see, I have (guessing) at least 20 sites that I use, and all have different password requirements. Some have unique requirements for usernames too.
So I have figured out that from now on, the day that I change my company password I am changing all of my other account passwords too. At least within Cisco they synchronize all of the passwords. But I still have all my individual accounts, and I’m quite sure they sit there and watch: “Here comes that idiot, requesting a new password. Why can’t these people remember their password?” they likely wonder while they smirk.
To some degree it is a matter of how often you go to the website, I suppose.
That prompted a thought, about Manufacturing. There are so many devices spread throughout a plant, and the absolute WORST thing would be to have a common username/password for all the workers, or to put it on a sticky on the terminal. But then again, hopefully there is no personal information stored on that plant device. Right? So maybe it makes sense in some cases. What do you think of that?
Is a better scenario to assign authorized workers a unique name/password and let them sign in at whatever station they are and be allowed whatever privileges they should be allowed? And if, for instance, somebody had programmed a robot incorrectly, or a line jam occurs, wouldn’t it be nice to know that the individual that saw a line malfunction could stop it? And we could log all that happened before and after? So, yeah, maybe there needs to be a group account that allows fundamental operation of the particular machine. And likely IT needs to not force a password change for any machine operation device.
The ability to control access to a machine is critical to success and efficiency. That is the power of Converged PlantWide Ethernet. Also Secure Remote Access. We deliver that today, and are delivering that all over the world.
For me, I had to remember three separate security questions, and finally got back up and running. But at least my plant wasn’t running amok or spilling fluids all over the street. And Cisco IT was a huge asset, they got me back up and didn’t laugh at me. But indeed as I look back, I do have personal information on many of the links I use.
I’m reminded of a good friend and fellow blogger Peter Granger’s joke:
“I remember a colleague in a previous life told me he wondered why someone had such a long password:
…and the person said they were told that their password had to contain seven characters and a capital!”
Do implement a security policy. And do enforce passwords that require combinations of UPPER case/lowercase/number/special characters. Not your significant other’s name, or the word “password”. Think of “strong” passwords. A number of sites actually guide you on how strong your password is. It makes sense to enforce that. At least in cases where personal information is present. For fundamental machine control maybe there shouldn’t be a password required. For machine operational data, yeah, that likely should require a password.
Just think of who your audience is.