2012-02-09 20:30 Is it cool to be cruel as a Network Admin?

Post date: Feb 10, 2012 4:45:45 AM

There are plenty of humorous stories floating through email and on the web about how silly the mistakes and misunderstandings can be between the people who specialize in working with computers and those who are mostly ignorant of the black magic that makes computers work. People who have plugged the power cord into itself, the legend of someone trying to order a new cupholder because they had been using their CD ROM tray for one, the persistent rumor that someone took a picture of what was on their monitor by putting it on the copy machine... there is probably a grain of truth in all of them. All of us make mistakes that seem silly to the people who know a subject far better than we do.

With that in mind, I try to always be patient when trying to educate people and reassuring when they blunder in ways they are embarrassed to admit. I prefer to be the nice guy that makes your life better rather than that IT guy you put up with because you need him. Sometimes I worry that I am seen as that guy anyway, so I try hard to be nice.

But there is temptation. No, I'm not talking about spying on your internet usage or snooping on your emails. Stupid IT people do that, it can only end in suffering. Even if you get away with it, it makes you a worse person. I'm not talking about making people feel bad either, because really that's kind of childish.

What I'm considering is a murkier depth of cruelty. I'm considering being cruel for the betterment of the user. I already kind of do this. We work with sensitive information that we are absolutely obligated to keep secure. We work hard to do that. When somebody leaves their computer screen unlocked while they are away from it, then they are committing a minor security faux pas. The most common theft for my industry is insider theft. Leaving your screen unlocked could allow a co-worker who has decided to steal a way to do so and blame it on you. Or they could access information that you have access to and they should not.

The most politically correct is to report the offense to the manager of the employee making the mistake when it is witnessed. I don't like to do that and managers and even IT people know that we do it too, so enforcement always seems a little hypocritical. I will do that where the manager or employee is particularly sensitive to the other method... that other method being to take a moment to mess up their background or move their task bar around. I never do anything serious, but always mildly annoying. After a couple times people see me and think to try to remember that they locked their screen like they're supposed to. That's my goal really, I want them to think about it. It is a very mild cruelty, but done with humor and never malice and people usually take it in stride.

But I am considering taking up the practice of a greater cruelty to address a greater problem.

Passwords are the problem. They're a problem for everyone. It seems like every system that has anything you might remotely care about requires a password. Invariably if you try to commit them all to memory, you will use very insecure passwords or forget them. This means that the average human being requires some sort of method for managing their passwords. In my industry, this is compounded by systems that have complex rules for what make acceptable passwords and requiring them to be changed on an irregular but frequent basis.

To deal with this problem, we encourage the use of password management tools. I absolutely love Lastpass. It remembers my Internet passwords for me and does it securely. It goes with me wherever I go and all I have to really remember is one really good password. A good alternative is KeePass which does much the same thing and works even without the Internet (though it doesn't fill in passwords on web pages for you as well.) A less good but acceptable alternative is putting your passwords in a password protected spreadsheet. Excel will let you protect your spreadsheet with a pretty strong encryption system. Yet another method is to store your passwords in an encrypted zip file. If you must, you can store your passwords in something that you protect like your phone.

Nonetheless passwords are a problem.  People write them down on post-it notes. They write them in little books. I don't really think either is exactly bad in itself, but they leave the books or notes where someone could find them which actually makes it more unlikely that the person who uses them nefariously would get caught.

We get regular calls by people who refuse to learn to use a password tool. We find notes. We find books. This is where I begin to consider cruelty. For those people who leave notes, I am considering stealing them. For the books, I'm considering hiding them. But worst, for those people who just refuse to learn any way to keep their password safe, I'm considering setting their passwords to a string of insanely difficult to remember characters and not leaving it up to them to immediately change it. Imagine that your password was Yc4Q!9$8*g$3ZPB8!ERChgCxK6$MuTHX*c1Up#k#ArNIA . There is no way that you'd try to type it each time. You'd absolutely have to use a password manager. We already use a system that generates ugly passwords like that as temporary passwords, basically forcing people to cut and paste to get their password of preference set. I'm considering making it so that they cannot change to a password of their preference.

Think on that a minute. What if everytime you had to call to get  your password reset, you were stuck with a password like that for a month. You'd learn to use a password tool all right. You'd learn or quit using that system, but I'm the guy that controls access to the tools you have to use in order to keep your job. If I do that, it isn't a suggestion that you have to deal with, it is a forced adaptation.

I haven't done it. I probably won't. I don't know if I should be that cruel, even for a good cause. Should I?

I might.