Saturday, December 15, 2018

Fobbed

I have been fobbed.

We’re in the middle of yet another huge transition down on Home Campus, one that started last fall and likely won’t be completed for a couple years yet, at least not fully.  This is not to be confused with the huge transition that started three years prior to that and was likely to be completed sometime next year but got pre-empted by the current huge transition, or the decade or so of institutional nonsense that was visited upon us by our elected overlords prior to that.

One crisis at a time, people.

The current transition is actually going surprisingly well, all things considered, at least for us.  We kind of lucked out with our partners, and I think that it’s moving forward about as well as it could have thanks to a great many people putting in immense amounts of work, so as far as that goes I’m not unhappy with things.

The details can be odd, though.

One of the details is that as this transition moves forward, people with my particular set of job responsibilities will need Multi-Factor Authorization in order to access the various systems that we need to carry out those responsibilities.  I am sure that this makes sense from an IT perspective, but I have to say from my perspective it’s just so much jargon and nonsense.

This is why I’m not in IT.

Last week we got a multi-page instruction email regarding the whys and whatfors of MFA (which I can never remember actually stands for Multi-Factor Authorization so in my head it always comes out as either Mother [Fornicating] Access or Master of Fine Arts).  We were supposed to go through it and then sign the back page to indicate that we had “read and understood” what was in it.

I wrote to my boss: “Is one out of two enough to sign?  I’ve read it twice, but I can’t really say I’ve understood a word of it.”

She said that was enough, so I signed.

Yesterday we had a meeting with the IT folks from the new Mother Ship and they went through the MFA process with us.  The bottom line is that we have to log in with two different things – first, the User ID and 600-character password that we have to memorize (including at least 17 capitals, 43 non-alphabetical symbols, 12 numbers [three written out, four numeric, and the rest up to you as a free choice so long as at least one of them is 3-digits long], two Disney characters, one Marvel or DC character [your choice], and the first name of the romantic interest from the last book you read [if there isn’t such an interest in the book, pick the character who should have been]), and second, a one-time code that we have to generate ourselves.

There are two ways to generate this code, one of which involves me downloading an app to my phone which means that the chance of that happening is exactly nil.  I don’t like apps.  I find them intrusive, exasperating, and generally detrimental to the quality of my life, and the idea of adding a work app to my personal phone just rubs me the wrong way entirely.  Plus, if you ever have to do anything with your phone you have to redo the entire setup process with the app from square one.  So that’ll be a hard pass, thanks.

The other way is to have a separate gizmo called a fob, which will generate a code at the push of a button.  You can then enter the code in the space provided (provided there is a space) and then – finally – be able to do your job.

How the fob knows what code the computer will accept at that moment was skipped over lightly during this training.  I can only assume that there is some form of sorcery involved.  The one thing I know about magic is that power has to come from somewhere, and I am kind of hoping that it involves some form of sacrifice of objectionable people whom I get to choose.  This would be an extra incentive to get my work done and rechecked, and that would be good management.

They don’t want us to store the fob next to the computer we use, as that would sort of defeat the purpose of all this whiz-bang MFA security, kind of like requiring a 600-character password that nobody can remember so they put it on a post-it note and stick it to the monitor (just saying).  So I’ve got this thing on my keyring, where it takes up far too much space.

I don’t even have access to the systems that I would need the fob to generate codes for yet.  That side of the bureaucracy is somewhat lagging, which is probably my fault for not getting the paperwork in quickly enough earlier this semester (see above, re: “read and understand”) but there it is.

It’s been that kind of month, really.

7 comments:

James A. Brown said...

I laughed.

I'm in IT, and I was about to lunge for my keyboard to explain MFA in a way that you would totally understand and agree on what a great thing it is.


Then I thought, "Mmmm, better not."

David said...

Yeah, it would only compound things. ;)

I do have a basic grasp of the concept - they want several ways to identify us so the odds of someone else hacking in with our credentials is lower - but the explanation of both the concept and the actual process (not to mention the long diversion into just who would actually need to use this process, which I read more than twice and still didn't know if I was really required to go through the training or not) left a lot to be desired on the clarity front.

I like technology, for the most part, but I can't say I'm any good at it. The fact that I make a significant chunk of my living teaching online is just one of those ironies, I guess.

Unknown said...

MFA is annoying but necessary

And it's based not on sorcery but on advanced math which is the same thing, just with more textbooks and academic acceptance. ;)

LucyInDisguise said...

What fun.

Yeah, I think you're right on the sorcery thing, other opinions and "new", advanced or loggerhythmath notwithstanding. 😀

I'd be satisfied if someone could just explain to me why, after successfully logging in, I have to enter the same information in three different screens in the same app, twice a day, every day. I seem to remember that computers have an ability to store information and share it with other parts of the program when necessary, however, whoever wrote the apps we use every day never figured out how to do that ...

Truck Number. Trailer Number. Odometer. Hour Meter. City, State, ZipCode. None of that shit changed since I logged out yesterday.

Never seems to end.

Then there's the absolutely batshit crazy stuff: Dog's middle name. Cat's nickname. Wife's birthday. Third Grade Teacher's favorite color. Universal Astrological Sign.

THEN, you get to re-enter the 607-character password because the app logged you out for no discernable reason. (And, yeah, our passwords contain seven more characters than yours on-account-a-'cause my IT people are the kind of assholes that spell 'fool' with a final 'e' just to piss you off, then abbreviate it in an unconventional way to confuse the security porpoises. )

I'd give you my definition of MFA, and IT people in general, but this is supposed to be a (more or less) civil blog.

Enjoy the new normal, my friend.

Lucy

David said...

@Darren - There is a very fine line between advanced math and sorcery. One of my favorite series of novels is Charles Stross' Laundry Files, which is based on pretty much that fact. Speaking as someone who started college as a math major before being convinced that this was not, in fact, my field, I'm never sure if that line is really worth drawing or not.

@Lucy - The new normal is anything but. I've never understood the whole "log me out, log me back in, didn't I enter all that last time?" routine. Honestly I'd make stuff up if my memory were better. On top of everything else we have to rotate our passwords every 90 days or new criminal probe of the president, whichever comes first, which means that there is a veritable blizzard of passwords that get passed around like dill pickles at a Russian drinking festival. Eventually we'll all just get retinal scanned and the criminals will graduate from financial crimes to assault with intent to remove eyeballs.

George Carlin's "Occupation: Foole" was one of my favorite albums when I was a kid, which explains a whole lot really.

LucyInDisguise said...

After I posted that, I found myself wondering if you would catch the reference, you being one of them there young whippersnappers and all.

And, I'll see your 90 days and raise you 81. Serious. We have to reset our password every 81 days. Not 80. Not 82. 81 days or you get locked out of the system until you can get an administrator to approve a new password for you. It's enough to make me want to rip my hair out by the roots - and I would, too, if I had any left ...

And, btw, my favorite "oops" is to transpose the last three numbers of my odometer every third Friday. Because my wife is dyslexic.

Lucy

David said...

I spent years with the same password down at Home Campus, mostly because my job status was so transient - I worked on a lot of different campuses and never knew until right before the semester whether or how much I'd be teaching (I've had classes added on 48 hours notice and taken away on 9 hours notice), so the IT folks never quite knew what to do with me. I got grandfathered into that status when I got the advising position, but they caught up to me last year. I've been bouncing back and forth between the same two passwords ever since, which I don't think you're allowed to do either but so far so good.

This year, with the Latest Upheaval, I think the IT folks have just given up. We get new email accounts anyway sometime in January (in theory), so we will fall under the Mother Ship's IT regime rather than Home Campus'. We'll see how that goes.

I'm working in trimming my email inbox down for the big move. Last week I got it down below 30,000 messages!