April Fools Day 2010

After last year’s Epic April Fool of Win, expectations were high for today. I had a feeling people were not going to be as gulli– er, trusting, as before. After all, they don’t want to fall for it again, do they? Or you’d think that, anyway.

My email this morning:

To: All Staff
Subject: Reminder about changes to staff passwords

Hi all,

Just a (second!) reminder about the changes to your password when we come back over Easter.

The new password policy will be this:

  1. Passwords will now need to be changed every 20 days, not every 45 days.
  2. It will not allow you to postpone changing your password (i.e. when asked, you will need to change it immediately – you won’t be given the 14 days’ grace you currently get).
  3. It will not allow you to change your password to ANY password, or variation of any password, you have ever used previously – this means you can’t just “add a 1” to the end or use the same password with a different number in it.
  4. Your password must follow the “password strength” rules below.

Passwords must meet the following rules:

  1. They must be at least 16 characters long.
  2. They must contain at least two upper-case letters.
  3. They must contain at least two lower-case letters.
  4. They must contain at least two numbers.
  5. They must contain at least two punctuation symbols.
  6. They must not contain consecutive or repeated characters (e.g. “1234”, “fghi” or “BBB” are not allowed).

In addition, passwords will be checked against an electronic dictionary to ensure they do not contain any proper words.

Any questions, please pop in and see us.

From my original email sent last Monday:

---

As you are probably aware, we had another “hacking” incident last week. A staff password was “brute force attacked” and a pupil found out what it was. As a result, we will need to revise again the complexity of passwords.

As mentioned in briefing this morning, we will be resetting ALL staff passwords over the Easter holiday. You will need to come and see us on the first day back to obtain your new password, which will only be divulged to you once you have signed the Staff Acceptable Use policy. You will then need to change this password as soon as possible by logging in and following the instructions.

Of course, the email last Monday didn’t exist. Nor did the hacking attempt.

Less than 30 seconds after clicking send, I got my first complaining phone call. Result!
