Sounds kinda serious!
David Houston
University of Vermont
Phone: (802) 656 2013
"You are nestled in our hearts forever"
---------- Forwarded message ----------
Date: Wed, 31 May 2006 15:19:11 -0700
Subject: CAF: chronic authentication fatigue
On May 31, 2006, at 2:08 PM, John C. Welch wrote:
> On 5/31/06 15:54, "Chris Adams" <[log in to unmask]> wrote:
>
>>> No, because proper user training and education is a critical, possibly *the*
>>> critical component of any security plan. If you try to implement any form of
>>> security without user training, you're doomed to failure.
CAF, or chronic authentication fatigue, is an increasingly widespread
affliction that's causing alarm among the sysadmin community. The problem
is expected to worsen as soon as four billion Vista users are forced
(forced!) to enter their username/password for everything (everything!).
CAF attacks the autonomic nerve system; the afflicted have their reflexes
confused to the point they hit "OK" without reading on-screen messages and
dialogue boxes. As if controlled by some strange virus, they click the
throbbing blue "OK" button without fail, each and every time it appears.
Nothing can slow them down; they neither pause nor reflect. Their username
and password are entered -- for the tenth time since lunch -- without fail,
whenever asked.
One early symptom of CAF is the refusal to read "Terms of Agreement" and
"User License and Warranty" messages. Here, the individual agrees to
anything, all the time, every time. They believe they have developed
prescient knowledge. When asked what they just agreed to, they declare, "I
already know what it says. Just hit the OK button."
When asked about this new condition, Kathi, a representative from the
Admissions Office, said, "Look, every day, I get nagged about some
Microsoft Office update, so I entered my username and password just to
shut the damn thing up. So then it put some log file here in my hard drive
icon. See? So when I went to go delete it, I had to enter my username and
password. Again. Then the next thing you know, I opened a Word document
and it gave me some message about whether I wanted to open Word. Well,
duh. Of course I do. So I hit the OK button. I mean, what am I supposed to
do?"
Janice from Purchasing adds, "It's kinda like whack-a-mole. Every time I
want to do something, it says, 'are you sure? are you sure?' -- and I keep
hitting 'OK' a billion times. I have to enter my username and password
here at the university, it must be, fifty times a day. Seriously. So I
just do it, because otherwise, I can't get any work done."
"Clearly, this is a case of CAF," says the systems administrator. "We gave
them handouts. I'm not sure what the problem is. We posted our security
policy on our intranet. I even sent out an e-mail. Mark, over in the
Windows group, put some Dilbert cartoons near the coffee maker to lighten
the mood, but to, you know, spread the word. He put them up there to
remind users not to blindly hit 'OK' every time they're asked. They're
kind of funny. The cartoons, I mean."
Security experts are stumped. "We're not sure what to do, other than just
keep on warning people with these dialogue boxes and making people enter
their username and passwords. We're baffled. But I mean, heck, I don't
even read those terms of agreements, even the ones that make me scroll all
the way down, like as if I read it or something."