Thursday September 28, 2006
Thursday September 28, 2006
Password Hell
I had a frustrating password day yesterday. Like everyone I have way too many passwords to remember. Here at Sun we get a reminder every 6 months (?) to change the password on our main login. I got one a week or so ago and had been putting it off. Last Friday I finally changed passwords. Since I was going on vacation for a few days I left myself a postit to remind that I changed my password (but NOT the password or even a hint for it).
So I came in yesterday morning to my postit and the screen being locked and for the life of me I can't begin to remember what my new password is. I tried password for probably 15 minutes before I gave up and used a trick to defeat my screen lock. That only got me access to my workstation though. I couldn't send email but I could read it. It gave me time to think about the password.
I was sure that the password had something to do with aviation but I couldn't come up with it. The odd thing is I had this word in my mind, a name really and I couldn't begin to connect it with aviation or anything password related. After about an hour or two I was getting close to having to ask IT to reset my password. I said to myself "I sure wish I knew the password". Instantly I remembered it. Now here's the weird thing. The actual password had the same initial 3 letters as the word I couldn't get out of my head. Now that's not too weird except that the word my password is derived from and the word in my head the pronunciation is very different so it seems clear that my memory had filed it away alphabetically and not phonetically. In any case I was glad to finally remember the dang thing.
That is almost the end of the story. When I got home I was working on my Solaris server at home as I'm finally close to shutting down my ancient linux server. For some reason pyzor wasn't working with spamassassin. After a bit of debugging I realized that the pyzor client wasn't able to talk to the pyzor server but it was only blocked from the Solaris box. My linux box is normally my firewall so I checked that and no it wasn't blocking it. So it had to be the wireless router (which is actually wired in this case) between the two. So I went to login to the router. You can see where this is going now. I probably haven't logged into that router in 2 years. I have no idea wtf the password is. Worse I don't even know if I used as the account name. Normally I send myself some piece of email to use as a vague reminder in cases like this. No sign of any email in this case. I tried account/password combinations for probably an hour. I'd have hard reset it by now except I remember I had some strange problem in getting the router setup the first time and didn't want to do it again. After trying to think of possible passwords most of today I see a hard reset in my future...
Sep 28 2006, 02:22:56 PM EDT PermalinkComments:
thanks for reminder - I need to reset my SUNW passwd. Best solution I've found for router passwds, etc. is Cryptopad on my ancient palmpilot.
Posted by dilly on September 28, 2006 at 03:12 PM EDT #
This gives me even less confidence in Sun's single sign-on initiative. Sun doesn't seem to federate their public sites in any way. I had some hope for their internal sites.
Posted by Curt Cox on September 28, 2006 at 05:28 PM EDT #
I got that feeling that accounts and passwords are sometimes just like locks and keys: the only guys they really stop is their rightfull owners...
Posted by daniel on September 28, 2006 at 07:11 PM EDT #
Hi
"Chip and PIN" here in the UK means that you have to remember a 4-digit PIN for every debit/credit card (or be blamed for any losses: thanks banks). Like you I have WAAAAAY too many passwords to remember, so I've cancelled at least one card and use most of the others a lot less or not at all. Back to cash for many small transactions, and to the Net for some others (where you don't get asked for a PIN, and fraud is much higher). NOT a good solution to fraud.
(BTW, the Chip-and-PIN solution still isn't very secure, because it depends on EVERY retailer's security implementation amongst other things.)
Rgds
Damon
Posted by Damon Hart-Davis on September 29, 2006 at 06:25 AM EDT #
A postscript to this entry. After I wrote it I had one more idea for the router password. I went home and it worked. Of course the router config was fine and had nothing to do with my pyzor failure. That turned out to be a timeout and pyzor doesn't have a command line configurable tiemout so I had to edit the source.
Posted by fatcatair on September 29, 2006 at 09:30 AM EDT #
Post a Comment:
Comments are closed for this entry.