Since it is Cybersecurity Awareness Month, I’m thinking more about how secure things are not. Big companies I expect to be capable of resourcing their teams well get breached. They are giant whales, so the Ahab threat actors really want to take them.
The awareness stuff is all the same stuff with a twist: Be careful.
Over time, I’ve noticed that authentication is more and more cumbersome. We have longer, more complex password requirements, which make it harder and harder to remember passwords. (Much of what I do is in places password managers cannot see to suggest the correct one, so I have to look it up and distinguish between 20+ different options.) We have multi-factor authentication everywhere, so it’s more time remembering where to find the code (an app, email, SMS), finding the location, if email or SMS, waiting and waiting and waiting for it to show up, and maybe getting distracted by something else.
My personal favorite: to get a certain Excel spreadsheet, I have to go through 4 logins and MFAs just to see it. The session cookies don’t apply in some contexts, requiring another authentication only for it to redirect me somewhere else to authenticate again. Rinse. Repeat. Although, everything is slightly different enough to make it questionable when there’s an issue: Is it me or them, and if them, which? The service provider or identity provider?
It’s all just a lil bit complicated. Just enough so that people like me are going to be employed in IT for a long time keeping it working. And more layers will get added, making it less likely anyone actually fully understands how it all works. Maybe that one super genius who retired last year? And next year, we will add something to make sure that’s wrong.

