Thursday, April 15, 2010

Password stupidity.

What is it about passwords that baffles the living hell out of people? I mean, some people when confronted with the "Your password has expired" message just shrug and change their password and move on with their lives. Others (as will be demonstrated) couldn't be any more stumped if you put them in front of a pile containing all the parts required to assemble a particle accelerator and told to have it ready by next Tuesday.

Case in point is the user Alicia Kasnowski where I work. This is not her name, this is an alias used to protect the innocent.

Midnight comes and I clock in. Five minutes later and she calls that she cannot get to the employees-only section of the company website (which contains training, news, job openings available, etc). Fine. I look up her account and I see that her password is expired. In fact it is showing me the "user must change password at next logon" message.

Ok, now since she insists that she has been using the password she hasn't forgotten it, this means that this is simple. I normally do not believe anyone who tells me that they haven't forgotten their passwords since they normally only go into the website on every blue moon (a "blue" moon being one of the rare months when there is 2 full moons falling in it). But in this case, since I'm getting the expired message I'll give benefit of the doubt and assume that the 90 days has elapsed.

So I inform her of this. "But it hasn't been 90 days!" she tells me. "Bullshit" I think to myself. I then instruct her to go to the change password page and follow my instructions which includes these 5 simple steps.

Step one, type in your user name.
Step two, type in your current password.
Step three, think of a new password following the guidelines posted below.
Step four, type it in where you see "New Password" and "Confirm Password"
Step five, click "ok"

I once got gently chided for stating that end users like this person are as dumb as a chimpanzee. I agree and retract that statement. Most Chimps would have fucking nailed this.

So the call ends and that should be the end of it right? Wrong!

User calls back and tells me that it isn't working. Ok, it isn't working...and it took you 30 minutes of banging your head against the screen to finally call me back? So I unlock the account and give a temporary password that is pre-expired thus still requiring her to pick a password easy to remember yet hard to guess.

30 minutes later and she calls again. Still not working. I ask if it's a password she's tried in the past (no) was it derived from her name which is disallowed (no) is she sure she's following the guidelines (yes).

I even check the Active Directory tool and it shows that she no longer has an expired password. This means that in one of her attempts, it took her gorram password. And then she promptly forgot it.

So I re-reset her password to the temp one and have her come down to my office so she can have a new password selected. I'm even being a real asshole about it, I'm not going to use Window's Active Directory tool do do this with, but I'm going to have her do it the correct way that she has access to. I'm going to train this end user if I have to saw off the top of her head and tattoo the instructions on her pre-frontal lobes.

She comes down and tries to open the door that has a sign on it that clearly says "This is not an entrance". Doesn't try the door that has the sign "IT Department" on it in big gold colored letters that is right NEXT to the "This is not an entrance" door AND is unlocked...but tries the wrong door and then calls me on the phone wanting to be let in.

At this point I'm thinking that she fall out of the stupid tree, hit every branch on the way down, picked herself up and dusted herself off and then had the tree fall on her.

So I let her in and she picks out her new password which is too short (not abiding with the guidelines) has part of her name (which she denied previously) and she admits to being the same one she "thought" she was using (which she denied previously). I convince her to actually read the instructions (RTFM - READ THE FUCKING MANUAL!) and select a completely new password. IT gives her the "Password has successfully been changed" message (yay!) and that should have been the end of it right?

Wrong! There is still one more zinger to go.

She pointed to the screen and told me that that was the "error message" she got before.

Yes folks. She saw the message saying that the password had indeed been changed to what she wanted it to be...AND THOUGHT IT WAS AN ERROR!

The dent in my desk is a little deeper tonight and I have a headache. Is it any wonder why?

1 comment: