You’ve hit on the exact problem. We’re “security obsessed” for two reasons
We’re lazy. We don’t want to have to cart our crap around with us, so we leave it laying about and hope for the best, which sometimes we get and sometimes we don’t because…
People are assholes. They force companies to do all of this crap to minimize liability because not only are people assholes, they’re sue-happy assholes.
Maybe it’s just because I’m a network admin and therefore some sort of high-functioning autistic by definition, but I feel a sad mixture of pity and frustration when users complain about password complexity requirements. Is it really so hard?
We need mixed case and one non-alpha character, changed every quarter. I suggest pass phrases that contain proper nouns and a number. (Eg; “Leopold Bloom has one cheating wife” → LBh1cw, or “Gregor Samsa is one big bug” → GSi1bb, or “Nicoli Gogol has one big nose” → NGh1bn, or “Michael Scott has two big balls,” etc…)
It’s easy to remember a password like this without subverting the entire purpose of network security. Leaving your credentials out in the open is ridiculously irresponsible.
Okay, I don’t believe that my company is monitoring our movements, for the reasons I stated before. We are not government contractors, we hold no national security information, we hold no confidential customer information, and our employment contract does not provide for electronic monitoring of our movements. We’re not that kind of company. (There might be some account and payment information for customers, but that’s in a department that separate from the general work areas anyway.) Furthermore, the presence of those security doors in those locations could not possibly secure anything. Simply impossible. I believe our company is just being stupid for insisting on security doors in those area.
For fire and genuine safety concerns, there are some legitimate measures, but in a building that’s already access-controlled, you have to see that you’re not adding any security after some point.
However, to address the point of “customer comfort.” There’s a limit after which customers should not be able to expect restrictions. We don’t let customers insist that employees be subject to racial limitations or religious limitations. Similarly customers, with only money at stake, not physical safety, should not be able to get “comfort” of continuous employee monitoring. Routine electronic and video surveillance of people in a workplace should be flat unacceptable short of something on the level of nuclear weapons. It’s a human dignity issue.
Larry, your suggestion really only helps if you have only one password to remember in your whole life.
We just need humans with more dignity. Workplace surveillance has identified people stealing from employers, has identified criminals stealing from workplaces, and also has found pissed-off idiots pissing off into coffee pots. Highly-credentialed, well-referenced nannies have been shown to be irresponsible and even abusive twits incapable of raising a carnival goldfish through workplace monitoring. We are security-obsessed because we are bombarded with these images.
Personally, I just want to know if and where I’m being monitored just so I know not to pick my nose or scratch my balls.
If Americans are allowed to move about freely then the terrorist will win. The only way to save our freedom is to take it away. Why do you hate America?
The OP complains about unreasonable restraints and restrictions, but:
(1) His problem apparently isn’t that his employer restricts his movements: they’ve given him a badge/card that lets him go wherever he wants;
(2) His problem apparently isn’t that his employer is invading his privacy – in post 22, he dismisses the idea that the workers’ movements are monitored by management;
(3) His problem apparently isn’t that his employer has adopted a “chain 'em to the loom” theory of worker productivity – in fact, he asserts that much of his job could just as well be accomplished on the toilet.*
The OP’s immediate problem is, in it’s entirety, that it’s more difficult and less convenient for him to get around in his building than he wants it to be. The doors don’t bother him (presumably even the most revolutionary of his co-workers don’t mind at least one door between the commode and the outside world): it’s the fact that they lock, requiring an extra step (instead of grab turn, pull, it’s swipe, grab, turn, pull) to open them. He asserts that this one extra move makes all the difference, that no one would illicitly prop the doors if getting through them went back to being merely a three-step, rather than a four-step, process. Maybe it’s an important principle, but the OP still strikes me as a guy you don’t want to be next to when the cafeteria’s frozen-yogurt machine runs out of chocolate.
Because at this level, it is a matter of mere convenience. And, while employers ignore the little details of worker comfort at their peril, there may be a few little things about the arrangement they find worthwhile, such as security and fire safety, the fact that automatically locking doors don’t need to be locked individually at night, and the money that gets knocked off their premiums because they’ve convinced their insurer the precautions are worthwhile. Any or all of which may trump the temporary annoyance of the recently-relieved.
*Not to be found in The Wholecloth Book of Resume-Boosting Words and Phrases
That’s nice that you feel that way, but they write your paycheck, not vice versa. Ergo, ipso fatso, they make the rules. Deal.
Howabout you leave those decisions to security professionals, which you aren’t.
Employee monitoring is present everywhere. On an average day, you’ve likely shown up on the video screens of a dozen places, whether you went to Burger Barn, the drug store, or stopped at Movies R Us to grab some DVDs. I’ve accepted it because it’s a simple truth-people steal shit, screw their employers and cow-orkers every day. If that wasn’t true, then guys like me who sell and install surveillance wouldn’t have a market, now would we? If you find that to be intolerable, you’d better start on your underground bunker, post haste. BTW, when you go to buy supplies to build it, they will have you on video, too. 
I have to have a special badge and 2 username/password combinations just to get into my PC at work and another usr/pass for each system I access, each with different rules. Every morning I picture Maxwell Smart walking to work as I go through steps to get to my work.
I have over 25 username/password combinations I need to remember. I know this because I have a list hidden about my desk. Each admin person who gave one of these out gave the same basic speech as you, only with different requirements. Some require at least one CAP, some allow only one special, no words in the dictionary allowed, no reuse of any password from before the stone age, gotta change them every month. Many of the admins I’ve, umm, discussed this with say they keep an encrypted file with all that info so they only have to remember one password. Great idea if you didn’t need the password to get into the computer with the encrypted file!
Creating systems that prevent people from doing the job that they are getting paid to do is ridiculously irresponsible. Just adding layers of obstacles is NOT adding security.
Sorry–I was being sarcastic!
On the rare occasion I am required to conform to one of these (IMHO, ridiculous) password restrictions, I simply type whatever password I was going to use in l33tspeak, with the first letter capitalized, so “aardvark” becomes A4rdv4rk, for example. I recommend it to everyone.
The agency where I work recently replaced security access cards that were used by swiping the strip through a slot on a card reader with shiny new security cards that do not have to be swiped through the slot – they can just be held up near the device to unlock the door.
Then, because these cards can be sensed remotely (they emit radio in order to function) the cards were encased in a shielded holder that requires both hands to open, and must be positioned “just so.”
They’re slightly more cumbersome than the swipe-strip type cards they replaced, but with the added danger of falling out of their special holders and being lost or being scanned remotely by bad guys.
Sailboat
Hold on a minute - some of you seem to be saying that security measures at jobs are created for employee safety, too. I don’t believe that for a minute; security precautions are taken so company equipment and company intellectual property don’t get stolen. If security measures make employees marginally safer too, it’s a by-product, not a planned effect. If the only effect of security measures was employee safety, we wouldn’t be having this discussion because there wouldn’t be any.
I’m as skeptical as the next, but you’re way past me. Do you actually believe that ABC Corp doesn’t care if a discharged employee returns and shoots the place up? Various industries/businesses have known enemies, such as research facilities being targeted by ALF, and family planning clinics being targeted by radical right-to-lifers. Those companies can and do protect their employees via access control.
I have noticed at many of my clients offices that the women’s restroom is either behind the security door (restricted area) or if in an unrestricted area, locked. Some, like my current client (not the only one, though), have the women’s restroom behind the security door, while the men’s is outside by the elevators and unlocked. While my memory is far from complete for all the office buildings I’ve worked in, I am hard-pressed to remember a women’s room with unrestricted access to anyone who gets in the building (not including public atriums, such as the Wintergarden at World Financial Center). I agree, featherlou, that most measures are enacted for loss prevention, but this aspect is definitely safety related.
What the fuck did the English language ever do to you? Maybe someone should install a card swiper on your thesaurus.
I believe that companies may protect their employees if there is a chance of lawsuits, liablilities, or insurance rates increasing. In other words, if it makes financial sense to do so. I do not believe that companies pay anything more than lip service to the safety of their employees unless forced to do so by law. They do nothing just for the good of the employees (i.e. the human capital).
A place I worked at 8 years ago was psycho like that with the security badges. We needed to security-swipe to get into the toilets.
My manager quite openly stated that the badges recorded where employees went and when, and that yes, they were used to time how long you spent in the bathroom, as well as whether you were a minute late back from lunch, etc.
For this reason, you were NOT allowed, under any circumstances, to go through a door on someone else’s pass (ie, co-worker ahead of you holds the door open) because it would ruin the time reporting for management.
Assholes, they were. I quit that job, although the badge thing wasn’t the final straw.
It is. But the password rules for one system at my job requires one non-alpha character, mixed case,a monthly change and can’t repeat any of my last fifteen passwords. The other two systems have different requirements, as do the three or four outside systems I have access to. Plus I need the codes for doors and driveways in the two building I regularly work in. I can’t remember that many different passwords. If they weren’t written down somewhere ( and they are not in my top drawer) I’d get locked out of one or the other on a daily basis. Which means I’ll spend half an hour on the phone, because although I just can’t remember a whole lot of different passwords, there are people at my job who can’t log in without someone standing over them telling them “and then press enter”. There comes a point where you guys try to make things so secure that you guarantee poor security becasue you don’t take the human factor into account.
You know, I don’t really have the patience to read this whole thread.
acsenray bitches about the security, says it doesn’t work anyways, but is firmly convinced that only people with access to the building will be there.
Last year, a woman was SHOT TO DEATH in the lobby of the building my wife had worked at just a year before, by a newly ex-boyfriend that the security guards knew, so they didn’t hustle him off the property. If he’d had carte blanche, he could have executed her in her cube, and maybe taken out others if he’d been of that mindset.
When I started this new job a few months ago, I was told about the staffer that was beaten unconscious by a cleaning person. Badges or no badges, obviously some security is needed.
Stop whining. If you don’t like the policy, try to get it changed. If you can’t, accept your powerlessness in this situation, or man up and fucking quit.
I cannot speak for any company but the work at, but when I’m putting down a security system design, the safety of employees, guests, customers, and contractors is a major concern to me. Lighting is designed to show up any unsavoury characters hanging around, VMD (video motion detectors) record what is happening, and Security patrols parking lots and sometimes escort people to their cars when they’re feeling uneasy about walking to their car by themselves. These are all outside the buildings themselves, the company can’t lose much out there besides a trash can or two.
Here at least, the automated systems with persons monitoring them work much better than people alone. A month or two ago, one of the security supervisors running a test, got onto a facility with an ID badge that expired in 2005. The expiration date is the largest lettering on the ID. The automated system at that entrance was down at the time and was being manned by two persons.