Lost passwords on a Sunday Morning

This Sunday morning I was waiting at the gate for my plane. Generally I hate traveling on the weekend unless I’m on vacation but the
customer could only do a Monday morning meeting.

Someone else was traveling on business too – I’ll
call him "Mr. yellow shirt." Mr. Yellow Shirt was distressed. Not only had he
forgot to wear a belt, but he had also forgot his network access password.  (Gold Systems just release a password reset application,  but I am not making up this story as an excuse to blog about it. This
really did happen.)

Mr. Yellow Shirt just had to have access to the
network. His business Card, in plain view on his laptop case,
indicated that he worked for a Really Big Consulting Firm. He whipped out his
cell phone, punched a speed-dial button and waited patiently. "Norman, hey buddy
I’m sorry to call you at home on a Sunday morning but my password isn’t working
and I really need access to the network." Long pause, presumably as Norm gets out
of bed and logs into the network to reset Mr. Yellow Shirt’s Password. Passwords
generally don’t just "stop working", but I’m guessing they both know that Mr.
Yellow Shirt just forgot his password again. Now that Sarbanes-Oxley (or more correctly, the people interpreting SOX) is
mandating frequently password changes, this sort of call is happening a lot
these days.

"Hey OK, that’s great – Q W E R T Y . Just a second,
let me write that down . . . OK, that’s Q . . ." At this point Norm must have
told him not to repeat his password out loud in a busy airport where anyone
could be listening. Norm probably also made a mental note to give out even
easier passwords than the top 6 letters on the keyboard because the only thing
worse than saying a password out loud in public is to write it down.

Mr. Yellow Shirt thanked Norm again for helping him
out and wished him a good rest of the weekend. I’m sure Norm appreciated the
wake up call and the chance to start his day bright and early. Just then they started boarding our
flight and Mr. Yellow Shirt hurried off to his business class seat without
getting a chance to login and change his password from "Qwerty" to something
easier to remember. According to the in-flight map, Mr. Yellow Shirt and I are
just now passing over Harlan County Lake, Nebraska. The temporary Password that
Norm assigned probably just expired, so Norm’s going to get another call this
afternoon.

This is a true story and it is costing help desks
and IT departments time, money and security. Norm, if you are reading this give
me a call and let me tell you how Gold Systems’ Password Reset could have let
Mr. Yellow Shirt reset his own password securely using just his voice and a
telephone. It’s less than the cost of even one of your help desk agents and it
works 24 hours a day. (Don’t they have better things to do? Gartner estimates
that about 25% of all calls to help desks are now password reset requests.) With an
automated solution, you don’t have to worry about the help desk giving out passwords to a
cracker with a good story. Even better, you could have slept in this morning.