PASSWORD

[BLACK BART]

Think I've posted this before, but it's worth repeating.  I read somewhere on an IRS TIGTA (IRS's version of police Internal Affairs) report that they reprimanded a division of IRS for using as a password the word (no, not a convoluted, lengthy combo of numbers, letters, characters they ask of us) PASSWORD.  Didn't say if upper or lower case required - your choice I guess. 

 

[Lee B]

Recently there was a lengthy article detailing  multiple security problems at many different IRS programs.

A recipe for failure:  Too many tax law changes, not enough employees, not enough funding, lurching from one tax year to the next tax year putting out one fire after another.

As I have said before, 'A slow moving train wreck headed downhill."

Long range planning is not a strength of our elected representatives!

[Patrick Michael]

I have talked with many of my fellow tax professionals and I keep hearing that if the mess at the IRS does not get cleaned up they will be leaving the field.  They are tired of spending hours replying to IRS letters on simple matters and then getting no reply to the letters for months and months. Clients waiting over a year for amended returns to be processed. Clients continually call to see what is going on and then are upset when you tell you don't know, waiting on the IRS to respond.  And you can not get through to anyone on the phone, and when you do, the person can not (or will not), help to fix the matter.  Clients are frustrated, tax professionals are frustrated, and the IRS just doesn't seem to care.

[BulldogTom]

1 hour ago, Patrick Michael said:

I have talked with many of my fellow tax professionals and I keep hearing that if the mess at the IRS does not get cleaned up they will be leaving the field.  They are tired of spending hours replying to IRS letters on simple matters and then getting no reply to the letters for months and months. Clients waiting over a year for amended returns to be processed. Clients continually call to see what is going on and then are upset when you tell you don't know, waiting on the IRS to respond.  And you can not get through to anyone on the phone, and when you do, the person can not (or will not), help to fix the matter.  Clients are frustrated, tax professionals are frustrated, and the IRS just doesn't seem to care.

Well said.

Tom
Longview, TX

[Lee B]

Given the overall  current circumstances that the IRS employees have to work under,  it must be a really frustrating place to work.

 

[Abby Normal]

It's not like this isn't a societal thing. I've seen many offices with passwords on sticky notes attached to computers, and poor passwords are very popular. Longer passwords are better, and they can simply be a phrase or random words, with some substitutions of symbols and numbers (Allalongthew@tcht0wer).

[Catherine]

F0urScoreAnd7YearsAgo

(not one I use)

[Abby Normal]

Not one that I use:

J@ck@jwuth2f@p0w = Jack and Jill went up the hill to fetch a pail of water.

I like it because it's mnemonics except for the first word, Jack.

I find all of these easy to remember.

 

[Randall]

22 hours ago, Abby Normal said:

It's not like this isn't a societal thing. I've seen many offices with passwords on sticky notes attached to computers, and poor passwords are very popular. Longer passwords are better, and they can simply be a phrase or random words, with some substitutions of symbols and numbers (Allalongthew@tcht0wer).

A princess kept a view.

 

[Patrick Michael]

I don't use any words.  First letters of a phrase with other letters, numbers, and special characters that change depending on the web site name.  For instance, (not the actual core or scheme): core is Wttartif.  Then the second letter of web site name, then a ? if the first letter of web site name is vowel, * if not, followed by the number of letters in the website name.  This way if someone gets one of my passwords, they can't use it to access other sites, but I can still remember numerous passwords.  According to password strength tester it would take 2 thousand years for password guesser to get it right.

[Eric]

The article that I believe prompted the above comic:

https://www.baekdal.com/thoughts/password-security-usability/

From the article: It is 10 times more secure to use "this is fun" as your password, than "J4fS<2". At least, that was true until the article was published.

When I have to create passwords for another person's account, and I'm not sure if they'll take the time to change it, this is the method I use.  Example: purple-spotted-skipping-hamster

It's completely random, extremely secure, and easy to remember and type.

Unfortunately, even though the password would take hundreds or thousands of years to crack, it's deemed insecure by many password strength indicators because it's missing a number or a capital letter.

 

[Abby Normal]

The problem is websites with differing requirements (uppercase, lowercase, number, special character) so that you can't just use 4 words, you have to do some substitutions.

Websites may be well intentioned, trying to make you use more complex passwords, but they should all drop those requirements and instead require longer passwords. I've encountered sites where password can't exceed 8 characters.

[BulldogTom]

My favorite dumb blonde joke.   If you are blonde, don't beat me up, it is just funny.

During a recent password audit, it was found that a blonde was using the following password: "MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento". When asked why she had such a long password, she said "Duh, you told me that it had to be at least 8 characters and include a capital."

Tom
Longview, TX