"Your password will expire in 10 days; do you want to change it?” This message flashed on the computer screen at the hospital when I tried to log on.
It is a little like asking “You are going to expire in 10 days, do you want to die now?” Why would I want to change my password early and why 10 days? Why not ask me if I want to change it 20 or 30 days in advance? Heck, why not prompt me to change it as soon as I choose the new one. Maybe the message should be, “You have just chosen a new password. Do you want to change it now before you forget it?”
This changing of passwords seems so arbitrary. For example, I was invited over to a friend’s house for dinner but when I got there they weren’t home. We knew their gate code, so we went in, and since their back door was unlocked we opened it. At this point their alarm went off shortly followed by their phone ringing. “Hello,” I answered.
“This is the alarm company; could you please give me the password?”
“Um, is it ‘chickens’?”
“No sir, it isn’t.”
“Can I change it to ‘chickens’?”
At that point they called the police.
I wonder if we are really safer having all these passwords. I am reminded of Dr Richard Feynman’s evaluation of security during the Second World War. Dr Feynman won the Nobel Prize for physics. As a young man, he was invited to help the war effort and worked on the Manhattan Project.
He became the go-to guy for safe cracking and later admitted that all the safes at this top-secret facility came with the same preset combination that only about 5% of people had changed. He also discovered a hole in the fence, and would take great pleasure in going out through it and returning through the checkpoint over and over again, giving the guards fits.
I realize we have to protect our patients’ medical information, but why do I have to change my password and why can’t I use any of my previous 10 passwords?
If I were a computer hacker trying to make a living I’m pretty sure I wouldn’t be wasting my energy on the Fraser Health site. I don’t think hackers are thinking, “I know, I’ll find out my neighbor’s stool sample results and then blackmail him for millions. Once the word gets out that he has giardiasis his life will be ruined (insert maniacal laughter).”
Personally, I haven’t heard of anyone hacking into hospital computer systems to access records. I think hackers are probably focusing more on financial sites such as banks and credit card companies. Point of interest: I don’t have to change my online banking password, and if I do change it I can use a previous one.
I don’t know about you but I have so many passwords for so many sites I am in danger of not remembering any of them. I have put them on my phone and home computer, but what if they crash or what if I can’t remember the passwords to these electronic holding sites?
As I age I am a little afraid that when I expire, and if I do manage to make it to heaven, Saint Peter will say, “Welcome, good work! Now if I could please have your password.”