I Am Willing to Pay More For Less Security

IT Security Infrastructure is Now So Byzantine That I am Spending More Time Keeping Track of and Entering Passwords Than Using My PC for Actual Work

After another half day of frustration working with my company's IT team to troubleshoot and (not) fix a password problem on my work PC today and I am at my wits end. Over the course of the six hour nightmare I had to enter a newly generated "static" password containing no less than 22 characters, more than twenty times. That static password was created to replace the temporary password I had been given previously, that contained a staggering twenty nine characters and had to be entered 15 times. The password symbols are so random, arcane, and cryptic that memorization is not possible, and of course the use of copy-paste is not allowed. In addition some of the password characters (depending on the particular font one is using) are not clearly differentiable. For example, a capital I and a lowercase l look identical in many fonts. Of course on at least five occasions, and probably more, I entered one or more of the characters incorrectly, resulting in my account getting instantly locked. Seriously? One chance? Not even a single, sorry, but try again? One free, freakin pass? Gheezus Christie IT we are not machines. Humans occasionally make mistakes. Is it really a security risk to allow someone two chances at entering a randomly generated string of 29 characters? Something tells me even the most gifted of hackers (be they human or machine) are not just going to randomly guess it correctly on the second try. I can picture many a despondent hacker hanging their heads in shame and lamenting "damn you IT security, if only you had given me a second chance to guess that randomly generated string of 29 characters correctly, but you were just too darn smart and only gave me one chance. I will have my revenge. Someday I will have my revenge. bhhhhaaa, bhaaaa..." or you know how that evil villain laugh sounds. You can't really write it out in words very well.

I mean, wtf? Have some common sense. Need another example. I recently accidentally entered my password into the user name box of my network login screen instead of the password box where it belonged. Somehow (don't ask me how) IT got wind of this grave infraction resulting in an email demanding that I immediately change my network password because of the security risk it posed. Now, I am no IT genius, but seriously? Security risk? Just how many Planks length above zero probability events would have to happen in order for this to be a security risk. I can't even envision such a scenario in my head but if we are worried enough about such low probability events (I would argue they are zero probability) to be sending emails about them, we have gone way beyond any reasonable standard of security and into the realm of paranoia. As an update, my refusing to change my password in this instance, resulted in an email to my boss, which resulted in a text message from her to me, which resulted in me changing my password. Damn you IT. Damn you. You may have won this round, and you may win the next, but you can and will win them all I'm sure. Uggg. The little guy can't ever catch a break.

This attitude, if a little security is good, than a lot must be much better, is pervasive across almost every aspect of modern life, from the airport, to the local grocery store, but it has reached its most glaringly annoying and stupid apex in the world of internet/IT security where the attitude seems to be that no price in convenience or productivity or whatever is too high to pay for even the tiniest incremental gain in "security." Outside of the workplace on the web things are just as bad with the fear of "stolen identity" and "spam attacks" creating all manner of ludicrous and incredibly frustrating inconveniences. The CAPTCHA challenges that are in place to prevent such attacks have become so cryptic that while they defeat even the most (not) intelligent AI they also defeat even the most actually intelligent human on a regular basis.

There has to be someone who can step in and fill this market need. People who are willing to accept some (slightly elevated) risk of any manner of bad things happening (in all aspects of life) in return for the ability to function at a normal level of productivity and happiness. I would be willing to pay serious money for that, and I can't be the only one.