June 24, 2018

Password Inundation: Password Policies We Love to Hate

As a technology obsessed society we're drowning in a sea of passwords. Remember when your locker combo was all you had to memorize? Now I have over 100 different passwords. It’s ridiculous.

The problem is no one can possibly remember that many passwords. So what do we do as lazy tech connoisseurs? We simply use the same password over and over again. Problem solved! In fact, research performed at Carnegie Mellon University in 2014 suggests that 80% of people reuse their passwords.

No wonder cyber security breaches are so rampant. We are lazy to the point of negligence. Need more evidence? “123456” was the most popular password in 2015.

In order to save us from ourselves, organizations are encouraged to establish password policies that force us to formulate stronger passwords. In general, password policies bolster cyber security and are necessary for a strong internal control environment. Their existence is perfectly understandable; but, that doesn’t make password policies any less annoying.

Here’s are the top password policies we love to hate:

Two-factor authentication
Typically, two-factor authentication requires a password and something else like a security token or a key fob. There is no argument about the benefits of two-factor authentication, especially for sensitive data. (PII anyone?) But more factors only lead to more hassle for the user.

Tell me I am not the only one who has shown up at work after sitting in traffic for an hour to realize that I left that pesky key fob at home. I love wasting billable time to call the IT hotline for a temporary code. It’s the best.

Automatic change of password time frame
Requiring users to change their password after a certain period of time is one of the most infuriating policies on earth. For instance, you finally memorized your perfect password. It has more password entropy than you know what to do with and 3…2…1…

“Your password has expired. Create a new password.”

Noooo! It is enough to make a person cry.

Password history
Closely related to the automatic change policy is the dreaded password history.

After getting prompted to change your passwords you think, “No big deal, I will just re-submit my old password,” and out of nowhere it is denied. The new password cannot be the same as any of the last five. Foiled again!

Rather than letting the computer have the last laugh, you tweak your password and move on. The next time you login, good luck remembering the minor change. It’s inevitable you will lock yourself out of your account while your muscle memory gets the hang of it. There goes more billable time spent unlocking your account. There is a charge code for that, right?

Until we figure out another acceptable means for authentication (e.g. biometrics become more mainstream) passwords are will continue to be both relevant and a pain in the neck. I will leave you with a few techniques to keep track of your passwords without going insane.

Did I miss any policies that you enjoy loathing? Post them in the comments.

Related: Here Are Some of the Worst Accounting-Related Passwords Hacked From LinkedIn

Image: Someecards

Related articles

Tracking Charitable Donations? Now There’s a CPA-Developed App for That

In more non-iPad, Apple-related news, we learned earlier this week about iDonatedIt, an iPhone app developed by BMG CPAs in Lincoln, Nebraska. The app is designed to track all non-cash charitable contributions whether it be clothes, furniture or family members (okay maybe not the last one). This will allow you to track all of our donations to Goodwill, Salvation Army, etc. rather than receiving that crappy receipt they give you that has nothing on it.

Being interested in all things accountant-ish, we got in touch with BMG to find out how this bit of ingenuity came about.

We spoke with Todd Blome, a partner at BMG who came up with the idea and he told us that as soon as he got an iPhone he was thinking of ideas for apps that would be useful for his clients. Since Todd is the tech-savvy partner at BMG, (he heads up their IT consulting services) he started kicking around ideas right away and eventually landed on the idea for iDonatedIt.


Todd told us that the development was fairly simple and that there were only two test versions prior to releasing the app.

“So far we’ve 100% positive feedback on iDonatedIt,” Todd told us, “We’re definitely looking for suggestions for improvements or add-ons.” The one idea that has been floated to Todd was adding a tax savings tool to the app so that a user could determine how much tax savings would be created by the donations. “That will probably be in version two,” he told us.

iDonatedIt retails for $2.99 at the app store and as Todd noted, “a donation of one item pays for the app.” A version for the Droid is currently in the works as well.

Todd and the rest of of his team at BMG are kicking around a few more ideas for apps but he said they want to make sure iDonatedIt is working as good as possible before committing to another project. Check out the demonstration below and jump over the firm’s website or follow them on Twitter to give them your feedback.

Shoeboxed: Saving Accountants One Nightmare Client at a Time

Last week we briefly mentioned Shoeboxed.com and how they can make all your shoebox receipt toting clients disappear. Not only that but it may save some of your more aggressive employees the trouble of explaining why they punched out the deadbeat who showed up with their receipts on April 15th.

We were fortunate enough to spend a some time with Stacy Chudwin, the Company’s Director of Communications, to learn more about the Durham, North Carolina Company.

Stacy told us that the Company got its start by servicing small businesses who wanted to avoid the hassle of tracking expenses by keeping a mind-numbing amount of receipts around, “Businesses can simply compile all their receipts, send them to us and we scan, enter the data and categorize them.”


Now the Company offers an “Accounting Professional Plan” which allows CPAs to do the exact same thing for those clients who aren’t so organized with their bookkeeping, “CPAs can either have their clients send us the receipts directly or they can send the us shoebox that gets dropped off on their desk and we’ll take care of the rest,” Stacy said.

Once all the data entry is finished you can access the information via your business’ account and for CPAs, you can create sub-accounts for each individual client. These reports can then be exported to a number of applications including QuickBooks, Quicken, Excel, and others.

The Company has also developed a free iPhone app that will extract all the information from a photo of the receipt. So for you Holiday Inn jockeys out there, you don’t have to stuff all your receipts in your suitcase and try to decipher everything you spent two weeks later.

“So far all of the feedback from our clients and users of the mobile apps have been great, however everyone wants more features both in their accounts and for the app,” Stacy told us.

Stacy also maintains the Shoeboxed Blog that is updated a few times a month that has areas for “Small Businesses”, “Taxes”, “Budgeting” and “Shoeboxed.com Resources”. She also informed us that they have a very active Twitter account, “We like to use Twitter to make announcements, to highlight recent press, and to retweet some positive feedback from followers, but we will also respond one-on-one if a user has an issue and reaches out to us via Twitter.”

If you’re not hip to the whole Twitter thing the Company has online customer support and a toll free number for all your questions.

The Company has several different plans for both businesses and accountants and both come with 30 day trials. So if you’ve more nightmare clients thatn you can count, what are you waiting for? Thanks to Shoeboxed, now you can add more clients instead of wanting to physically attack them.