'You' is the new 'Not-you'

August 28, 2017 admin Security

Credit to Author: Sharky| Date: Mon, 28 Aug 2017 03:00:00 -0700

This medical practice rolls out a new system, and when it’s done everyone has the same randomly generated temporary password, reports a pilot fish on the scene.

“I sent an email to all staff, reminding them to change their password from the temporary one that was assigned by the vendor,” fish says. “I included simple, step-by-step instructions — and I ended my email with ‘Do it now, before you forget.’

“Knowing that some wouldn’t do it, I sent a follow-up a few days later, with the following modifications:

Subject: Change Your Password — YES, this means you

If you have already changed your password, thank you. You may close this now.

If you have any questions about this, call or message me.

“The following week, a user was having trouble logging in because her password didn’t work. I learned later that she was using her operating-system password, not the application password.

“But on a hunch, I had her try the temporary password that she was supposed to have changed — and it worked.

“As I walked her through the process, we discussed my emails regarding changing her password.

“That was when she told me, ‘I didn’t think it applied to me because you sent it to everyone, not just me!'”

Sharky wants you! (Yes! Really! You!) to send me your true tale of IT life at sharky@computerworld.com. You’ll score a sharp Shark shirt if I use it. Comment on today’s tale at Sharky’s Google+ community, and read thousands of great old tales in the Sharkives.

Get your daily dose of out-takes from the IT Theater of the Absurd delivered directly to your Inbox. Subscribe now to the Daily Shark Newsletter.

http://www.computerworld.com/category/security/index.rss