Computer security avoidance (7)
|
Jun 26, 2009
|
At work we have to log on to our computers with a smart card, which is like a credit card that sticks in the keyboard. For security reasons, our computers are automatically locked after ten minutes of inactivity, at which point we need to log in again with our smart card, which is a small pain in the butt. There's a guy who sits near me who doesn't like this feature, and he found that if his computer is playing music, it doesn't automatically lock. But playing music is annoying for other people, so he hooked up some small speakers under his desk. Apparently somebody must've complained, because there are also headphones connected to those speakers. The volume is just loud enough for me to hear the occasional Carlos Santana guitar solo, which is mildly excruciating. The headphones, of course, don't rest on my co-workers head. They merely sit on his desk as the end result of a long chain of events meant to get around the simple problem of an overactive security system. This is what's wrong with IT departments. #technology
|
Comments:
2009-06-26 15:41:12
why doesnt he just play the music, but put it on mute??
2009-06-26 15:43:37
I wonder that every day. He's kind of a mad-scientist type of person, so I doubt he even realizes his computer is making any noise.
2009-06-29 10:52:03
And this is exactly the type of stuff that drives IT security people nuts. Hackers are generally the least of our worries. It's highly educated, intelligent people purposely finding ways to neuter security systems to avoid minor inconveniences. Here's an idea: Instead of expending effort to figure out how to undo the work of security staff, why not actually engage them in a discussion about perceived security needs weighted against convenience. Is 10 minutes too short? How about 15? What if the grace period were longer? The grace period, if you're not familiar, is the amount of time you have after the screensaver (I believe this also works with the lock workstation feature) starts before it is actually password protected. Default is a few (5?) seconds. In that time, you can jiggle the mouse or hit a key, and it will come back without requiring re-authentication. Perhaps if this were set to something more like 30 seconds, or a minute, it would sufficiently alleviate the annoyance? IT people get a bad stereotype because they often don't offer these types of compromises for user convenience. A lot of IT people just don't think of that sort of thing - They're too busy actually building the back end system. Usually, a minor tweak like this will make a security system much more bearable, which improves adoption, and reduces silly hacks intended to bypass the system. /rant
2009-06-29 15:03:34
Can't you passive-aggressively walk over there and hit the mute button on his computer?
Are you scared because he's a mad scientist and could be video-ing his workstation at all times?
2009-06-30 08:53:05
Rich, I can't engage the IT people in a discussion because they're one level below God on the totem pole. The decisions they make affect many thousands of computer users, so there's pretty much no way they'll ever do anything I say.
Wendy, I tried to passively aggress that music into silence, but the mad scientist's cubicle mate is always there. The Rules of Passive Aggression state that "No act of passive aggression may be witnessed by another human." Fail.
2009-06-30 09:29:49
An observation: Where I work doing IT, I've heard a similar opinion expressed by end users - that they don't say anything because no one would listen. It's funny because we really don't have the kind of clout that they think we do. Usually, when a situation arises that gets a user to finally speak up, it brings to our attention a problem we didn't even know existed - because no one told us. In our case, we're happy to try to reach usability compromises, because we know it prevents the type of situation you describe. Maybe your IT department is different - maybe they really do run your company, and don't care about inconveniencing users. Probably there are a few individuals in the department for whom that is true, but I doubt that is the overall culture.
2009-06-30 13:47:19
I'm Confused. I thought IT Security was created solely for the purpose of limiting how productive software users could be. This seems to say just the opposite. :-)
|