Walworth County Government Today: Managing passwords can be a full-time job
I recently read a report that Russian computer hackers stole 1.2 billion passwords from Internet users worldwide. At first this total seemed shocking until it occurred to me that I probably have several million passwords myself. I have never taken the time to count them, but from the minute I get up in the morning until I go to sleep, it seems that I am constantly typing usernames and passwords into a computer or cellphone. For most people, apparently, including my kids, this isn't a problem. For those of us without stellar memories, however, the task is not only time consuming, but demoralizing. I know enough to quit after about two failed log-in attempts, because the third usually requires a call to some help desk and intensive, even painful questioning, which includes my mother's maiden name and my first, and long deceased, pet terrier, Muffet.
My frustration over passwords has increased in recent years. At first I blamed myself, as I have become conditioned to do whenever I can't get any mechanical device to work the way it is supposed to. There is more to this problem, however, than my poor memory; two issues that come to mind are the proliferation of password protected programs and new security measures.
Even if I unsubscribed from all of the optional, but useful computer sites, such as the newspaper, online banking and Amazon, I need nearly a dozen passwords just to do my job at the county. I need a password just to boot up my notebook and a separate one to log onto the network. Email requires its own password, as does approving time cards, evaluating an employee or checking on the status of a lawsuit with our insurer. I used to employ a work-around to this problem by having a universal password for all of my websites, such as 123, but the security industry put the kibosh on this practice. Now, nearly all of my passwords must be changed every few months. I even get a 15-day warning from Microsoft that my password is about to expire, inviting me to change it before it does. That pop-up makes me angry. I suspect other people don't get that message and like Hal in the movie “2001,” my computer is simply taunting me because of my memory problems.
Finally, to compound my problems, I am encouraged or even forced to invent a “strong” password, using keys that I never even knew existed on a QWERTY keyboard, such as the left bracket or little “caret” located on the No. 6 key. Given my trouble in remembering the name of my first pet, I don't stand a chance with these exotic characters.
I know that writing the passwords down defeats the purpose of passwords, but that is exactly what I used to do when I owned a BlackBerry phone. It had a password “vault,” which itself required a password to open, in which I could store all of my passwords. When my BlackBerry finally died, which itself was exciting and the subject of a column, I switched to an Android phone. After I closed that deal, I asked the salesman, who was about the age of my kids, where the password vault was on my new phone. Fortunately, he didn't look at me with pity, but with complete disbelief. The concept didn't even register with him and, needless to say, I haven't had a password vault since. I've since learned that there are password manager applications but, and this should come as no surprise, these programs themselves can be hacked. I suppose it's human nature that whenever someone invents a useful process, others will spend time trying to profit from it illegally.
All of these security issues make me wonder whether we are not far from the day we will retrieve all of those old carbonless forms from storage and dust off our remaining typewriters (we still have 77 of them in county government). Personal computers, one or more of which now sit on most desks of most employees, can be relegated back to such mission critical tasks as playing “Minesweeper” and solitaire, and the U.S. Postal Service will return to profitability as “snail mail” will be the only way to communicate personal information without it appearing on someone's Twitter feed.
It's fun to joke about Russian hackers, but when I mention it to county Information Technology Director John Orr, he isn't laughing. Not one to resort to hyperbole, John talks about the attack on our systems as his staff attempts to repel the millions of spam emails and thousands of viruses that are launched against our network every year.
Departments want the newest and latest technology to serve the public, and I applaud them for their vision. On the other hand, there are worse things than not being able to apply for a permit with two mouse clicks or pay a county fee with a linked credit card. Target Corp. found this out the hard way last year. The county will continue to move its technology forward, but not at the expense of security.
Dave Bretl is the Walworth County administrator. Contact him at (262) 741-4357 or visit www.co.walworth.wi.us.