Me: I had originally posted this a couple of years ago. I took it down and after hem hawing about the “security-ness” of it and after editing I am now posting it again-thus the old, old comments. It is a funny story!
I hope you can follow this…
Part of my job is resetting user’s passwords for the security system that I support. End users submit a ticket that has basic info in it including an ID that is unique. Users use this ID as their login to the system that I support-as well as many other systems, but my system uses a unique password. Most users that submit a ticket to have their password reset have attempted to log in many, many times and just keep entering the wrong password. We’ve all been there, we forget it, guess wrong, whatever. No problem.
So I get a ticket across my desk late in the day. When the user was asked for their ID they put something like, “sweet06” or something. Obviously this was their password. Since I didn’t have a clue what the user’s ID was (their login) I had to reject the ticket. In the notes I stated that I needed their login-not their password.
So she calls into our group. I answer, she explains that she doesn’t understand why the ticket was rejected. So I say that I need her ID.
“Your login,” I clarify.
“Not your password.”
“OHHH,” she says, “You mean the thing on the first line”.
Silently shaking my head while trying to control myself.
“Yes,” I say, “the thing on the first line.”