November 10, 2003

A Tale Of Two Passwords

Posted in General at 9:00 am by Ian

Our mailserver, Odin, seems to have some memory problems, short term memory, to be exact. Over the years, I’ve found that occasionaly, when in a bad mood, it will forget what my password is and will revert to the original password that I chose when I first came here. Now, this isn’t a catastrophic occurrence, as I remember what that password is, but it’s a little disconcerting. Plus, I’ll admit that I wasn’t especially secuirty conscious then, and I chose a password that was somewhat easy to crack.

Let’s call that first password “foo.” A month or so ago, when Odin had one of its little spells, I changed my password from “foo” to “bar,” and until a few days ago, had been using “bar” quite happily. Then I accidently typed “foo” at the prompt. Force of habit.

No problem! It would seem that Odin was just as happy to accept my old password as ever. So I called up tech support and told them them at my old password was still getting access. They sent me an email about how I could go about changing “bar” back into “foo.” I pointed out that that’s how I’d gotten “bar” in the first place, and why didn’t it work that time.

Apparently there was a password system put in place by the current sysadmin’s predecessor that is broken. It has in fact always been broken. This sysadmin has been here for at least 2 years, if I recall correctly.

Me:So, no matter what I do, the original password will still work?
Him:Yes, but the new one will also work.
Me:And you’ll tell us when this gets fixed?
Him:Yes; we’ll let everyone know.
Me:So, all this time, when you were telling us to change our passwords every x months, that was just a waste of time, right? I mean, what good is it to change passwords when the old one still works?

He didn’t have an answer for that.

::sigh::

Advertisements

3 Comments »

  1. Adam said,

    I always thought that regular changing of passwords was rather dumb anyway, I mean as long as you pick a good one in the first place and don’t compromise it there really isn’t any need to change it.

    At any rate it’s nice to know that the school responsible for all of our internet access has such stringent security measures in place.

  2. Jonah said,

    Last spring I changed my password after there was some security crack on Odin, but I quickly reverted back to using my old password just out of habit. Mind you, I never actually changed my password back 🙂

  3. Ian said,

    Good system we’ve got here.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: