An Andy Rooney Moment

Burt Likko

Pseudonymous Portlander. Homebrewer. Atheist. Recovering Republican. Recovering Catholic. Recovering divorcé. Editor-in-Chief Emeritus of Ordinary Times. Relapsed Lawyer, admitted to practice law (under his real name) in California and Oregon. On Twitter, to his frequent regret, at @burtlikko. House Likko's Words: Scite Verum. Colite Iusticia. Vivere Con Gaudium.

Related Post Roulette

31 Responses

  1. BradK says:


    Are you a victim customer of LADWP as well, or do you reside outside of the City of Los Angeles?  I’ve never attempted to access any sort of information from the County on my water/sewer, only through LADWP site.  And their security is nowhere nearly as robust.  So much for consistency.

    With all the increasing (and accelerating) focus on information security it’s become almost a competition to see which I.T. dept can come up with the most over-the-top policies to which you must conform.  And once you learn to conform they tighten the polices once again.  “Oh, that 12 character complex password that you must change every 30 days you must now change every 7 days.  You cannot reuse old passwords, nor any derivative of them, nor any essence of your name in your new password.  And whatever you do, don’t write it down.”

    Now show me anyone’s home computer monitor that doesn’t have at least a half-dozen yellow stickies with passwords scrawled on them.  Now that’s secure.Report

    • BradK in reply to BradK says:

      Disclosure:  I work in I.T.Report

    • Burt Likko in reply to BradK says:

      I’m in the ass end of Los Angeles County, aka the Antelope Valley. My water service is provided by the County of Los Angeles; to my knowledge, LADWP services only the City of Los Angeles and a few small areas immediately adjacent to it. Although the Los Angeles Aqueduct runs not far from my house, not a drop of that water comes to my taps; LADWP guards that water and its rights to it as jealously now as it did back in the days of Bill Mulholland.Report

      • BradK in reply to Burt Likko says:

        Correct, LADWP is only for city of residents.  Again, it’s just curious the differences in such things as I.T. security policy between the city and county.  Perhaps the county policy is imposed by the state, possibly by the CA Dept. of Water Resources?  And yes, water will soon become more precious than that back icky stuff they still pull out of the ground.  Chinatown III, coming soon.

        The city of I.T. advancement is fairly inconsistent and antiquated to be sure.  I’m in the middle of a land use dispute with the tenants of the abutting property who have been running a commercial 20-ton diesel truck storage and maintenance facility on residential zoned land for 7 years, much to the neighborhood’s dismay.  I contacted the city counsel to try and get at least some information on what permits or variances they may have which would allow such activity, but was told that since the Use Permit (LA-speak for zoning variance) was issued before the mid-90’s none of it is available online.  I would have to go downtown and implore someone to dig through paper records locked away in some archive.  I could see if I was asking for something from the 1960’s but 15 years?  And do they still stamp official documents with hot wax and an impression from the King’s signet ring?Report

        • Burt Likko in reply to BradK says:

          I still remember fondly a title dispute in which one party contended that his chain of title was traceable back to the King of Spain. Which is how I wound up looking at a microfiched copy of a Royal land grant from the 1780’s which did, indeed, have a dark blotch on it where the wax seal was on the original, although I was more taken with El Rey‘s florid signature. I don’t know if the original still exists.Report

    • Fnord in reply to BradK says:

      In fairness, especially for something like that, writing the password on a sticky note probably isn’t costing them much security.

      If they have physical access to your house, finding your water bill is likely not a huge challenge.Report

      • BradK in reply to Fnord says:

        Of course.  I was being a bit snarky.

        Though I remember in my cube dweller days seeing many such instances, back when monitors were CRT’s.  The other easiest way to try and guess someone’s password was to just peek into their cube/office and look at pictures of family or pets, or other personal items that would suggest hobbies or interests.  Chances are great that every password they created while sitting in that chair was derived from something nearby they glanced at while trying to come up with it.

        As always, xkcd nailed it.Report

    • Kimmi in reply to BradK says:

      I don’t have passwords taped to my screen. I believe the last bit of a fairly long password I had once was

      “My name is Andy!” (song lyric,natch–but I hadn’t used the whole thing verbatim)

      I have a couple of insecure passwords. I use them on anything I don’t care if people break.

      I have a couple of passwords (they change over time) which I consider good. They’re memorable.

  2. Jaybird says:

    I prefer passphrases, myself.

    Before we got the absolutely insane password requirements we now have for our lab, I enjoyed changing people’s passwords (at their request to have their password reset, of course) to such things as “DannyDonnyJordanJonathanJoe” and “GeneSimmonsIsMyDad”.

    Those are passwords that will not be brute forced, you see.

    But the “two of these, two of those, two of the other” tend to result in keyboard patterns that are easily brute forced and easily shoulder-surfed.

    It’s insane.Report

    • Ryan Noonan in reply to Jaybird says:

      Didn’t xkcd do a comic about this exact problem?Report

    • Fnord in reply to Jaybird says:

      I believe there was an xkcd about that, how contemporary password practices are making passwords that are hard for humans to remember and easy for computers to guess.

      And people are going to be lazy, anyway. P@ssw0rd. Mixed case, has a number and a non-alphanumeric character. OK, it’s not 12 characters. Fine. P@ssw0rdP@ssw0rd. There. I’m sure I’m secure now.

      But it seems the easiest way to prevent brute force attacks is adding a time delay or account lock out to repeated attempts.  I know some services that lock out after 5 attempts, but I doubt you even have to be that aggressive. If you don’t remember your password after 20 tries, you’re never going to, but 20 is not nearly enough attempts for anything that could be called “brute force”. And if you don’t implement something like this, well, computers, and thus brute force attacks, are only going to get faster.Report

    • Kimmi in reply to Jaybird says:

      Who the hell brute forces anything? It’s just easier to grab the vet records, and go from there.

      (Plus… who the hell uses popcorn as a password?!? Popcorn.)Report

      • James Hanley in reply to Kimmi says:

        I know nothing about this topic, but since Kimmi says no one brute forces anything, I’m sure it happens a lot.Report

        • Kimmi in reply to James Hanley says:

          one could, if you’d rather, infer that it’s a lot easier to brute force the vet’s security rather than IBM’s. Also, veternarian. The correct wording might be “what security?”Report

  3. Kimmi says:

    Your housing assessments aren’t posted online?

    Hell, in my county, they post (publically) if you haven’t paid your tax bill yet.Report

    • Dan Miller in reply to Kimmi says:

      Yeah, sorry to say, Burt, but the cat’s probably out of the bag on the house assessment.Report

      • Burt Likko in reply to Dan Miller says:

        I use that tool all the time. But the point is, don’t you think a reasonable person would be more sensitive about how much their house was worth than the amount of their water bill?Report

        • James Hanley in reply to Burt Likko says:

          They’re preparing you for the coming crisis by teaching you now that your water bill is something you should be very secretive about. Then when they start rationing your household to 1.7 liters per day, they can use the threat of publicizing your use to your neighbors.  It’s all part of the plan, man.Report

  4. Miss Mary says:

    I never really pay any attention to the tags and categories listed at the bottom when I get the posts from the league in my email. This one caught my eye; musings and rants.

    I have nothing of significant value to add with this comment, I just thought it the categories were cute.Report

  5. Mad Rocket Scientist says:

    I have an account with an investment firm who, when you lose/forget your password, will be happy to send you a temporary password you can use to reset your account password.  It will come by US Mail, and it will be there in 14 business days (not up to 14 business days, but at 14 business days).


  6. Mike Schilling says:

    The land was always there; the water had to be arduously stolen.Report

  7. A Teacher says:

    What gets me is this:

    We have a baby.  We run low on cash so I put the Tax bill in the “don’t pay tonight” pile and forget it’s there.

    I file our income taxes and think “hey…. why isn’t my bank account showing a second payment for taxes?” And find said bill.

    I find out, okay, since I’m late they’re going to charge me a fee.  I call and find out the fee.  I send them a check.

    I get another bill stating “thank you for the check, but between your call and the check arriving we added another $X to your bill so you still owe us $X.  Kkthnxbi!”



  8. Kevin Carson says:

    All bureaucratic policies, whether of the state or the large corporation, are motivated mainly by a desire to have an official policy on paper so their ass is covered. The typical policy works against its stated purpose in all sorts of unanticipated ways, that could only be avoided through active consumer and production worker feedback in the formulation stage. But what’s their response if you try to give such feedback, and point out the irrational and counterproductive nature of their policies? You’re fired!Report

  9. Brandon Berg says:

    You need a digit and a punctuation symbol in your user name? I’ve never heard of anything like that before.Report