Friday, November 17, 2017

Security As Oxymoron

My wife and I switched health insurance this month, due to her phased retirement which will be finalized at the end of the year. United Health Care invited me to create a personal account at the website for the new plan, which I did Wednesday.

I had, of course, to create a username and password. The latter took me several tries due to a long list of rules for security reasons. It had to have a capital letter, a small letter, a number, and one of several special characters. It could not have any of several other special characters. No letter or number could be repeated more than once, and it could not contain any actual words.

All of this to protect entry into a site that does not allow any data entry, merely allows the viewing of data. They are seriously concerned with protecting my medical payments from being viewed by unauthorized eyes.

The next day I get an email from them thanking me for signing up at their website. It went on to say, “Please write down your username and password for future reference. You will need it to sign in the next time you visit our website.”

The emphasis is mine, because I am pointing out that they are asking me to render all of the complex security rules they have for creating the password entirely useless, since a password that is written down anywhere is completely insecure. (Not to mention the grammatical error of using “it” to refer to the two things they told me to write down.)

The point should be made that due to their security rules the password must be written down because no one could possibly remember it.

One website required me to remember the name of the street I lived on when I was in first grade. I am 74 years old and grew up in the military. I don’t remember the name of the street I lived on before we bought this house twenty years ago, let alone something from almost seven decades ago. I made something up to satisfy their webform, and then immediately forgot what it was that I invented.

When I needed to answer that “security question” I tried “First Street,” which seemed like a logical answer, but apparently I was not that logical the day I filled out the stupid form.

1 comment:

  1. bruce8:46 AM

    as an IT person, the biggest thing I see that I "frown on" is written down passwords. Like, on a post-it under the keyboard.

    Yeah and the security questions. And 'experts' say you should have a different password for each thing you log into.

    I don't remember what I had for dinner last week and you expect me to remember all that? No wonder I have a password list. Also a good reason is my wife can view accounts is I get run over by a golf cart on campus.


    ReplyDelete