Back in the groove

August 18, 2008

You can tell I’m back in school because the trash can in my kitchen is overflowing and includes a precarious stack of take-out containers. (I swear, I’ll get to it soon.) Also by my backpack crammed full of weighty tomes. This time, they’re on topics like civil procedure and torts rather than aerodynamics and solid mechanics, but they’re still just as dense, jargon-filled, and pricey. Good times.

Not even kidding, by the way. Thus far it has absolutely been good times. A bunch of reading already, but it’s actually been quite interesting. I am enjoying this.

In other news: I’m extremely unhappy with some aspects of my Very Expensive University’s IT setup. They maintain a “portal” providing access to a bunch of different things, like schoolwide announcements, class listings, assigned reading, syllabi, email, and so on. Even before I was enrolled, I was granted limited portal access as an admitted student. At that time, I created a username and password for the portal, which later served as my username and password for school email. As was my wont, I selected a password that was mixed-case, included numerals, and didn’t have any dictionary words in it—you know, a “good” password. So far, so good.

The problem arose when I attempted to log in to the school’s wireless internet connection. My http traffic was redirected, as expected, to a login page. I’d been assured that my portal credentials would serve as my WiFi credentials as well—but every time I tried to log in to WiFi, I was informed that my credentials were invalid. I checked and doublechecked them, and made sure they still allowed me to check my email at the dedicated email stations around the corner.

So I made my way over to the help desk and explained my problem. The helpful and friendly (and patient—I was far from the only person asking for help at the same time) operator asked for my VEU student ID, which I provided her. She typed some stuff into her computer and started copying information from her screen to a sticky note, which she proceeded to show me.

On the sticky note were written my username and my password. Even worse, it wasn’t actually the password I’d set for myself, since it had been converted to lowercase. It turns out the reason I couldn’t log in was that the WiFi authentication was expecting my password all in lowercase.

Can you get any further from best practices? Not just storing the passwords as cleartext, which is bad enough, but forcing them to lowercase. I can’t decide which upsets me more.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Powered by WordPress with Hiperminimalist Theme design by Borja Fernandez.

Entries and comments feeds. Valid XHTML and CSS.