Sounds kinda serious! David Houston University of Vermont Phone: (802) 656 2013 ** "You are nestled in our hearts forever" ** ---------- Forwarded message ---------- Date: Wed, 31 May 2006 15:19:11 -0700 Subject: CAF: chronic authentication fatigue On May 31, 2006, at 2:08 PM, John C. Welch wrote: > On 5/31/06 15:54, "Chris Adams" <[log in to unmask]> wrote: > >>> No, because proper user training and education is a critical, >>> possibly *the* >>> critical component of any security plan. If you try to implement >>> any form of >>> security without user training, you're doomed to failure. CAF, or chronic authentication fatigue, is an increasingly widespread affliction that's causing alarm among the sysadmin community. The problem is expected to worsen as soon as four billion Vista users are forced (forced!) to enter their username/password for everything (everything!). CAF attacks the autonomic nerve system; the afflicted have their reflexes confused to the point they hit "OK" without reading on-screen messages and dialogue boxes. As if controlled by some strange virus, they click the throbbing blue "OK" button without fail, each and every time it appears. Nothing can slow them down; they neither pause nor reflect. Their username and password is entered -- for the tenth time since lunch -- without fail, whenever asked. One early symptom of CAF is the refusal to read "Terms of Agreement" and "User License and Warranty" messages. Here, the individual agrees to anything, all the time, every time. They believe they have developed prescient knowledge. When asked what they just agreed to, they declare, "I already know what it says. Just hit the OK button." When asked about this new condition, Kathi, a representative from the Admissions Office, said, "Look, every day, I get nagged about some Microsoft Office update, so I entered my username and password just to shut the damn thing up. So then it put some log file here in my hard drive icon. See? So when I went to go delete it, I had to enter my username and password. Again. Then the next thing you know, I opened a Word document and it gave me some message about whether I wanted to open Word. Well, duh. Of course I do. So I hit the OK button. I mean, what am I supposed to do?" Janice from Purchasing adds, "It's kinda like wack-a-mole. Every time I want to do something, it says, 'are you sure? are you sure?' -- and I keep hitting 'OK' a billion times. I have to enter my username and password here at the university, it must be, fifty times a day. Seriously. So I just do it, because otherwise, I can't get any work done." "Clearly, this is a case of CAF." says the systems administrator. "We gave them handouts. I'm not sure what the problem is. We posted our security policy on our intranet. I even sent out an e-mail. Mark, over in the Windows group, put some Dilbert cartoons near the coffee maker to lighten the mood, but to, you know, spread the word. He put them up there to remind users not to blindly hit "OK" every time they're asked. They're kind of funny. The cartoons, I mean." Security experts are stumped. "We're not sure what to do, other than just keep on warning people with these dialogue boxes and making people enter their username and passwords. We're baffled. But I mean, heck, I don't even read those terms of agreements, even the ones that make me scroll all the way down, like as if I read it or something."