The Secret Developer’s Take on Safer Internet Day
This year a quick Google search will tell you that the theme of Safer Internet Day is “Inspiring change? Making a difference, managing influence and navigating change online”. Well, The Secret Developer is going to share their experience of a safer Internet at work.
Secure Access
At The Secret Developer’s place of employment, they have a policy that you cannot copy anything from the company system. This is enforced by policies on workers’ machines.
“Working in my current role I noticed that AirDrop doesn’t work. So that made getting a profile picture (required) onto my machine more work than I expected. I’m not someone who is going to use a webcam to create a photo taken up my nose (for most of my colleagues that’s acceptable, it seems).
Anyway, AirDrop doesn’t work. USB sticks do. That’s secure then.”
Password Pandemonium
Passwords in corporations are often subjected to a set of ‘rules’ — you might need a number here or a special character there. However, in 2017 the National Institute of Standards and Technology (NIST) told the world “Do not require that [passwords] be changed arbitrarily (e.g., periodically) unless there is a user request or evidence of authenticator compromise.”, because people are unable to memorize them.
“Crazy password rules. We have various passwords for systems which cannot be the same. They also need to be updated every three months. People are writing down the passwords on their phones, using sequential numbers to keep up with the rules to update.
You might think such password rules make sense. If I told you that we have strict password rules but when you’re in the office the staff ALL leave their laptops open and on when going to lunch what would you think then?”
Update Dystopia
We need to keep our machines up to date to keep patching pesky security flaws (thanks Apple). However, there should be an engineer-friendly method for applying the updates.
“I’m working towards the end of the day (17:45). I get the notification that my machine will be updated at 18:00 and I should save my work.
I’m trying to code a solution to a difficult problem, and I’m sent into a rage. Until I realize that iTerm is open, and on Mac that stops any restart. Happy days, the update waited until the next day.”
The Ultimate Safety
Internet safety measures are required when you are working with personal data. The Secret Developer has seen how these can be taken too far.
“Sure, we work with personal data. So, we need the password and laptop security theatre.
Yet in my current role if you take over a week’s vacation your account is locked. Also, if you are in a role longer than six months your account is locked.
Genius, as there is nothing more secure than an account nobody can access.”
Conclusion
” Please corporations get your policies in order. Sure, I could act at my current employer and ‘feedback’ to HR.
Actually, I’ll keep quiet and complain here. If I remain anonymous, I’ll likely keep my job which is nice.”