I was persuing Slashdot at work today and stumbled across this article from the BBC which describes some interesting survey results:

I tried to think about how I could identify to this article:

• I like having a secure network environment a lot


• Chocolate is very yummy. Especially dark chocolate.

However, if I had to make a choice between giving out a password or having to shell out 70 cents to buy my own chocolate bar, I think its been engrained in my head enough that I would have to choose the latter.

Really. What are these people thinking in this day and age?

Perhaps I'm more paranoid than most. This comes from growing up in a "wired" environment for most of my life. My first "username/password" experience happened to be when my Dad worked for a large, well known engineering company during the 1970s. When I was five years old (1977, if anyone's keeping track), he brought home this behemoth of a device. He had to lug it in from his trunk. It looked like a typewriter, except it had a roll of paper already built in. And there was a loud fan. And on the back -- get this -- there was a place where you could put the handset of the phone, so this device could "talk" over the phone to another computer!

In all reality, this was a "dumb terminal" which had no screen (everything was output on paper), and one of the fastest modems around at the time -- 300 baud. (The broadband connection I'm using now advertizes speeds of 100,000 times what we had 27 years ago.) In order to log onto the network, my dad had a username and password. The username was a whole bunch of letters and numbers, and the password he used was a transliterated Hebrew word for "forever."

He shared this with his family, but cautioned us never to share it with anyone outside the family.

Why? Nobody else we knew had a dumb terminal at home! But my Dad still insisted, as he came from an era where phone "phreaking" was all the rage at his engineering school. Hackers didn't have computers to play with, so they played with the phone system, which also had its share of passcodes. When he finally had computer systems to play around with in the early 70s, he figured out where the password files were found on the network! So he made sure that he, nor his family, would be a risk.

And to this day he's been overly paranoid about even writing down a social security number in plain text on a piece of paper that could be found by a potential identity thief. He would attempt to memorize his bank account numbers and credit card numbers rather than have to pull something out which could be visible to someone else. The PIN for his kids ATM cards? He practically mandated that we keep those secret even if we were severely tortured "Alias" style.

Fast forward to the present: Just about everyone has a computer. Just about everyone has many account names and numbers, each with a distinct password. Technologically speaking, everything's become more secure. But there are more and more people out there who are willing to take advantage of someone's lax attitude about security, and potential cause a lot of harm.

In 1977, the only people who ever had to remember a password were network experts who knew the consequences. Nowadays, since just about everyone is "plugged in" somewhere, most people don't know that giving away a password could be a problem. Even if there's some really amazing chocolate attached to it. With the amount of people who remain vulnerable to email viruses and network attacks on their personal and office computers, it's obvious that people aren't taking this all too seriously.

I happen to work for a large telecommunications company. On a daily basis, I need to log into 10-15 systems -- each with individual usernames and passwords. And the passwords need to be changed every 60 days to something I haven't used before. And they all need to have capital and lowercase letters AND numbers in them. Logging in from home? Ha! I had to install special VPN software to do so. And I had to go through a huge procedure to get a "PKI Infrastructure Key" (read: "password") to even attempt to log in. Nonetheless -- even in my hi-tech company, I'm still getting numerous virus emails that I need to erase because other people in the company have chosen to ignore the basic warning of "do not open attachments unless you know what it is and who sent it to you."

It's funny to watch shows like "Alias" and "24" which appear to have such elaborately secure computer networks. When the drama reaches a point where a CIA agent mentions that his password to get into the CIA mainframe is "Sydney" -- I mean, COME ON! You really think there's only one password to get into the CIA? And they'd let you choose the name of the co-worker you've obviously been crushing on? And they don't make you change it every 30-60 days? Sheesh...

Perhaps I'm in the wrong field. I would make a wonderful security consultant. So would my Dad, who taught me all of this. (Although if we ever started a consulting firm together, we'd rip each other's heads off within the first 45 minutes.) Perhaps I could help strengthen the notion that passwords are supposed to remain secret, and that's the only way to maintain the integrity of security.

Or perhaps I should make a run to Costco. Buy cases of Hershey's Special Dark. And grab as many passwords as the chocolate will let me. :-)