The Password Conundrum

Control system cybersecurity brings numerous advantages, but keeping up with all the passwords is a skill into itself.

Aw 43628 Cyber Security

“Seven-Two-Bravo-Delta-Three-Zero…” so began the litany of giving access to my kids’ friends when they would come over to visit and wanted (needed?) Internet access. Because of it, my legendary status as geeky dad was enhanced, although it was never intended to be that cryptic or complicated.

I had a Netgear USB connection for my old Pentium 3 computer. Netgear had a nice little utility that allowed you to type in a passphrase and then it would generate the encryption key needed for access. I simply entered a favorite album title (yes, one I actually owned on vinyl at that time) and voila, out came the key. It worked great for me.

But then the Netgear utility quit working, my USB wireless quit working, and believe it or not, that old Pentium 3 quit working. After a while, I even changed the pass key to something that we could all remember. The kids would certainly tease me about the old one, but they never seemed frustrated about it. I wish I could say the same about passwords in the workplace.

I have 37 passwords in my password manager that I use just for work, ranging from Atlantic States Safety Program to Wonderware Community. How did I miss X, Y, and Z? Maybe I need to buy some safety shoes from Zappos.

I understand the need for passwords and am not afraid to make them as robust as they need to be.

Here is a case in point: I read an article in a Linux newsletter about a mental algorithm which creates a unique password for each site. Of course I use it, because my life isn’t already complicated enough. To make it even more difficult, some sites won’t accept special characters in the password while others require them. Needless to say, the algorithm goes out the window when I have to try a second password after the first one fails. And at this point, I am way too far committed to go back and change all my passwords using some other system.

As I sit at a customer site needing to accomplish several tasks, I seem to be locked out of all of them. I need to release a Wonderware application on the Wonderware server. “Oh, you aren’t permitted to open a remote desktop session, let’s give you a special user account just for that.” Bingo, a new password! I get a pop-up from the Rockwell Automation Logix5000 software that the PLC is running version 19. “Oh, you need to download that version of Logix.” Ah, but they forget that I am not permitted to access non-secure websites. “Well here, use these DVDs to load it.” Now that is technology I can understand.

Workplace security is a necessary evil. I accept that. As one of my fellow baseball coaches once told me, “You don’t have to like it, you just have to do it.”

“…Foxtrot-Alpha-Delta-Seven-Five-Charley.” Now, did I just connect to my wireless or arm nuclear weapons?

David Anderson is a senior project manager at Loman Control Systems Inc., based in Lititz, Pa. Loman Control Systems is a Certified member of the Control System Integrators Association. See Loman Control Systems' profile on the Industrial Automation Exchange.

More in Home