So secure you can't even use it
Continuation of the password saga from Monday.
IT called me Monday afternoon. I explained my problem - really that I had forgotten one or more of the 4! security questions - his reply was "yeah you really have to remember all of them". No Shit Sherlock.
So, get this - he asked for my IP address, and connected in support mode. I didn't think it was weird. I was wrong. He entered the webaddress of the email portal, and logged me on with the reset password. Then he entered the reset password onto the next screen where it was telling me to change my temporary password. Then he was going to stay connected to my PC while I entered my new password - I said "thanks, I got it from here". This was a mistake but he had been treating me like an idiot and I was in a terrible mood to begin with.
So I put in my new password. Which I had picked from my selection of passwordified swearwords. You know the kind - where you change some letters to numbers take out some vowels and put an ! at the end. Your human pattern seeking brain can see the phrase, and it makes you smile everytime you get to type it, but the computer basically sees random characters.
This system shows the password requirements next to the "new password" fields. And they get a green check mark as you meet them. The "submit" button is disabled too, until you meet all the criteria.
All the lines had little green check marks. The submit button became active, and I clicked that mo-fo. And the system thought. And thought. And then it said that my password failed to meet one of the criteria. And it dumped me back onto the change password screen, with empty fields...
I rage-quit. I rage-quit the system, and the work day.
Tuesday, I reopened my ticket and explained what happened and that I couldn't try again because I wasn't given my temp password. Dude called me again, left a temporary password on my voicemail. I did not feel capable of dealing with it on Tuesday.
Wednesday, I give it a shot. The temporary password does not meet most of the security criteria. The system tells me that my session couldn't be established. I try three times. I thank the goddess that I saved the voicemail, and go back to check - yep, I got it right. I try again. After the fifth, most careful try. I give up. I later learn that this message means my account is blocked.
I get an email after COB Wednesday asking me to call IT to tell them how it's going...
I call IT today, and I'm on hold for 10 minutes before I reach a human. Thankfully, not the same human who has been dealing with this up until now. This fine fellow is quite amicable. So the young man searched my last name and confirmed that my user name was Billy . Uh, no. :) I wonder briefly if I shouldn't have told him I was a girl, but if he doesn't know my log-on name, then he can't help me either way. Turns out his estimation of my intelligence isn't affected by my totally 80s female moniker!
He tells me how slow the system is, and discusses how silly it is that my agency isn't even using these addresses yet, but our passwords still expire...very relatable. Just to be sure, he does the thing to unblock my account. Then he sets a new temp password and emails it to me at my agency address. We're still on the phone. I use the temp password to log on, it asks me to change it. I choose a password from my list of random keyboard mashing passwords. The "new password" field takes the paste command. Many green checks appear. The "confirm new password" field does not take the paste...hm, stupid IT people...I type it in. The last green check appears (passwords must match), submit is active. I click submit.
It works!
It tells me I have to log out and log in to complete my password change. I click continue.
I enter my user name. I try to paste my shiny new password - it won't take it. Like I ctrl+v and nothing happens. I carefully copy it again, and ctrl+v and nothing. I think it's that IT restriction again. I carefully type my shiny new password. The password that they system accepted. Can you guess where this is going? It tells me that it can't log me in because my username or password is incorrect. I try again and again, I try the temp password guy on the phone gave me, no dice. At this point, I am crying. Tears are leaking out of my eyes. I think I only sound frustrated when I tell him it's rediculous.
He's kind, he resets the password to the same temp password as before.
I go through the motions again, using a new randomly mashed keyboard password. The system accepts it...I log out as instructed by the system...This time it finally lets me back in. Success! It's now 10:10, four days, three calls to IT, and 40 minutes on the phone, and my password is changed.
All this time he was also assuring me that I could change my challenge questions once I actually got logged in. Turns out - only if you can remember your old answers...
IT called me Monday afternoon. I explained my problem - really that I had forgotten one or more of the 4! security questions - his reply was "yeah you really have to remember all of them". No Shit Sherlock.
So, get this - he asked for my IP address, and connected in support mode. I didn't think it was weird. I was wrong. He entered the webaddress of the email portal, and logged me on with the reset password. Then he entered the reset password onto the next screen where it was telling me to change my temporary password. Then he was going to stay connected to my PC while I entered my new password - I said "thanks, I got it from here". This was a mistake but he had been treating me like an idiot and I was in a terrible mood to begin with.
So I put in my new password. Which I had picked from my selection of passwordified swearwords. You know the kind - where you change some letters to numbers take out some vowels and put an ! at the end. Your human pattern seeking brain can see the phrase, and it makes you smile everytime you get to type it, but the computer basically sees random characters.
This system shows the password requirements next to the "new password" fields. And they get a green check mark as you meet them. The "submit" button is disabled too, until you meet all the criteria.
All the lines had little green check marks. The submit button became active, and I clicked that mo-fo. And the system thought. And thought. And then it said that my password failed to meet one of the criteria. And it dumped me back onto the change password screen, with empty fields...
I rage-quit. I rage-quit the system, and the work day.
Tuesday, I reopened my ticket and explained what happened and that I couldn't try again because I wasn't given my temp password. Dude called me again, left a temporary password on my voicemail. I did not feel capable of dealing with it on Tuesday.
Wednesday, I give it a shot. The temporary password does not meet most of the security criteria. The system tells me that my session couldn't be established. I try three times. I thank the goddess that I saved the voicemail, and go back to check - yep, I got it right. I try again. After the fifth, most careful try. I give up. I later learn that this message means my account is blocked.
I get an email after COB Wednesday asking me to call IT to tell them how it's going...
I call IT today, and I'm on hold for 10 minutes before I reach a human. Thankfully, not the same human who has been dealing with this up until now. This fine fellow is quite amicable. So the young man searched my last name and confirmed that my user name was Billy . Uh, no. :) I wonder briefly if I shouldn't have told him I was a girl, but if he doesn't know my log-on name, then he can't help me either way. Turns out his estimation of my intelligence isn't affected by my totally 80s female moniker!
He tells me how slow the system is, and discusses how silly it is that my agency isn't even using these addresses yet, but our passwords still expire...very relatable. Just to be sure, he does the thing to unblock my account. Then he sets a new temp password and emails it to me at my agency address. We're still on the phone. I use the temp password to log on, it asks me to change it. I choose a password from my list of random keyboard mashing passwords. The "new password" field takes the paste command. Many green checks appear. The "confirm new password" field does not take the paste...hm, stupid IT people...I type it in. The last green check appears (passwords must match), submit is active. I click submit.
It works!
It tells me I have to log out and log in to complete my password change. I click continue.
I enter my user name. I try to paste my shiny new password - it won't take it. Like I ctrl+v and nothing happens. I carefully copy it again, and ctrl+v and nothing. I think it's that IT restriction again. I carefully type my shiny new password. The password that they system accepted. Can you guess where this is going? It tells me that it can't log me in because my username or password is incorrect. I try again and again, I try the temp password guy on the phone gave me, no dice. At this point, I am crying. Tears are leaking out of my eyes. I think I only sound frustrated when I tell him it's rediculous.
He's kind, he resets the password to the same temp password as before.
I go through the motions again, using a new randomly mashed keyboard password. The system accepts it...I log out as instructed by the system...This time it finally lets me back in. Success! It's now 10:10, four days, three calls to IT, and 40 minutes on the phone, and my password is changed.
All this time he was also assuring me that I could change my challenge questions once I actually got logged in. Turns out - only if you can remember your old answers...