November 10, 2003
A Tale Of Two Passwords
Our mailserver, Odin, seems to have some memory problems, short term memory, to be exact. Over the years, I’ve found that occasionally, when in a bad mood, it will forget what my password is and will revert to the original password that I chose when I first came here. Now, this isn’t a catastrophic occurrence, as I remember what that password is, but it’s a little disconcerting. Plus, I’ll admit that I wasn’t especially security conscious then, and I chose a password that was somewhat easy to crack.
Let’s call that first password “foo.” A month or so ago, when Odin had one of its little spells, I changed my password from “foo” to “bar,” and until a few days ago, had been using “bar” quite happily. Then I accidentally typed “foo” at the prompt. Force of habit.
No problem! It would seem that Odin was just as happy to accept my old password as ever. So I called up tech support and told them that my old password was still getting access. They sent me an email about how I could go about changing “bar” back into “foo.” I pointed out that that’s how I’d gotten “bar” in the first place, and why didn’t it work that time.
Apparently there was a password system put in place by the current sysadmin’s predecessor that is broken. It has in fact always been broken. This sysadmin has been here for at least 2 years, if I recall correctly.
Me: So, no matter what I do, the original password will still work?
Him: Yes, but the new one will also work.
Me: And you’ll tell us when this gets fixed?
Him: Yes; we’ll let everyone know.
Me: So, all this time, when you were telling us to change our passwords every x months, that was just a waste of time, right? I mean, what good is it to change passwords when the old one still works?
He didn’t have an answer for that.