Holding His Breath Until He Turns Blue

Posted by Pete Apr.03, 2014 in Passwords & Security

holding-breath

At first glance, this story seems kind of funny, but it reveals a bigger problem.

Mark Aronsen of New Zealand is refusing to change the password for his online account at the local power company. He says that he’s happy with his current password, and that the company is being ‘mischievous’ in their efforts to get him to change it. And so they are at a standoff.

Mr Aronsen is demanding that they let him keep his current password, or he says he’ll drop their service and switch to another vendor. Sounds rather petty. (We’re curious how often he needs to use the password.)

Just like cod liver oil and spinach, no one likes passwords. At best, people consider them to be a necessary evil. Even so, passwords are still the primary online authentication method.

Is the password really that cute that he can’t bear to part with it? Passwords are a bad place for ‘cute’ since you shouldn’t be telling anyone your password anyway, so it’s really an inside joke that you only get to enjoy all by your lonesome self. If you really need to be cute, then do it with the login name.

Another possibility of why Mr Aronsen is being stubborn about changing this password is that THIS is his password – for all of his sites. That would be a bigger problem.

It’s not a good sign that Contact Energy isn’t able to explain to its customer(s) the importance of a new password for company and, therefore, client security. If they don’t believe that they are increasing security, then there’s no way they are going to be able to explain it to their customers.

With all the news of security breaches and the importance of strong passwords in the news these days, it’s strange that Mr. Aronsen can’t accept that improved security systems may require new passwords. This is especially true if – as the article suggests – Mr. Aronsen’s password is a simple dictionary word.

Like it or not, the right thing to happen would be for the company to let Mr. Aronsen to know that this is non-negotiable. Mr. Aronsen would then be free to make his change to another power company.

We wish him the best.

We’d also wager that his new power supplier will require just as hard a password as the one that Contact Energy is requiring of him.

(We waited and waited to see how the story turned out, but there hasn’t been a follow-up to the story in The Timaru Herald or other New Zealand paper.)