Ask HN: As Non-IT Personnel, How Do You Address Bad IT Policy in the Workplace? I currently work for a state government department, and am also enrolled in a local tech college. Each of these places have, in my opinion, bad policy surrounding passwords. I have contacted the correct people to express concerns, but nothing changes. These passwords protect things akin to your bank account if you bank account also had your tax and SS# information stored there as well. I am wondering what sort of system the typical IT based business has compared to the bureaucratic setup of a government entity and if there is any advice for making a bigger splash without drowning myself simultaneously. Things that concern me about the policy - -Forced changes every 6 months. IMO this has always created an avenue for a person to create weaker passwords as they create them more often. -The former problem is exacerbated by the fact you cannot reuse passwords. This also concerns me because this means they have my old passwords stored somewhere in the system or else they wouldnt know this. -In the case of the school, they require exactly 9 characters. This is a good length but why is there a maximum length? I actually suggested a method by which they could keep this policy if they would just distribute password lockers for folks to use on an official basis. There are so many people here with their passwords stickied to their monitors its scary. Thanks. |