Passwords, passwords, passwords

One day, several years ago, I arrive at work. I wasn’t feeling my best. I think I was suffering from a virus of some kind. I seemed to have a low-grade fever and was achy and tired. I sat down at my desk to begin my work and I mis-entered my computer password. I tried again. No luck. I paused and tried to think what the password might be. I tried several variations on passwords that Id used. No luck. I went to another computer in the office. I was unable to log on. I wasn’t quite panicked, but I was worried. I ended up calling my wife and deciding to go home to deal with my temporary illness. I went home and slept for four hours. When I woke, I could remember the passwords and make everything work again. When I reported the incident to my doctor, I got a stern lecture. My doctor had been my mother’s physician at the end of her life when she experienced several mini-strokes or TIA events. The lecture explained that these events can only be fully diagnosed if they can detect them while they are occurring. The main tool used is a CT scan. In the future, I was instructed, take an aspirin and have someone drive you to the emergency room. If you don’t have someone to drive you, call 911. She warned me of the dangers posed by my driving myself.

The event has not recurred. It has been a long time since it happened. I suspect that it was not a TIA. I had spoken with my wife during the event and there was no slurring of my speech. I believe that I drove safely to my home. A few hours later, I had no symptoms and no further problems. But my doctor is right. Because I didn’t go to the hospital for a full evaluation we don’t know for sure what happened.

I have been thinking about that event recently because one of the parts of planning to leave this job that I’ve held for 25 years is that there are many things that exist in my brain, but aren’t well documented for others. When I came to serve this congregation, it had one personal computer. They had just upgraded to Microsoft Windows after running DOS. I owned a laptop (which really filled a laptop in those days) that I used until the end of the first year when we added the purchase of a second computer to the church budget. I oversaw the creation of a local area network, shared server drive. I set up the church’s first web page and established its social network accounts. I oversaw the installation of the church’s wifi network and remote router system. The church uses some paid services, which are paid from a church credit card in my name. That credit card will be cancelled at the end of my employment. The church has several code devices such as a security system and a kitchen lock that is operated with a code. And all of the usernames and passwords that are used for various software that the church uses need to be catalogued and made available to the next generation of users of the church’s computers. Insuring a smooth transition requires the transfer of a lot of information. In the case of the church, the transfer will probably involve documents that can be printed with lists of codes, passwords and the like.

I have been made even more aware of this because I serve on the board of directors of a local nonprofit that has had problems getting similar information from a former employee who is disgruntled. In some cases, new accounts will have to be set up. People may have to learn new email addresses. There is a lot of information that may be lost if we cannot persuade the former employee to transfer the required information.

We have become immersed in passwords and labels and codes and such. Many of us don’t have all of those things memorized. We use our computers and software designed to track and encrypt such information. Others use passwords that are easily hacked or use the same password over and over again, thus compromising security. The whole business of employing user names and passwords and security questions to determine identity is clumsy and will eventually be replaced by biometric devices. My phone recognizes my face and unlocks when I use it automatically. My tablet computer recognizes my fingerprint and unlocks when I touch the home button. Both devices have number codes as backup in case the biometric devices fail.

In the case of our church, I will be available and will do everything I am able to help if we forget to transfer any critical information. In the case of the small nonprofit, we will do our best to get the required information from the former employee and seek ways to work around the missing information. It may take a bit of extra work, but most of that work will come from volunteers and so won’t affect the operation of the organization. The situation does, however, point out some vulnerabilities in our system. It doesn’t take a disgruntled employee to leave an organization without much needed information. It can occur from a sudden illness or injury of someone active in the organization.

Many years ago, when I was serving a different congregation, our long-time treasurer was stricken by an illness with such a sudden onset that he literally was one day able to produce reports and the next day unable to sign his name. For most of the accounts of the church this was not a problem because we had others who could sign. However, there were a couple of CDs that required two signatures and his was one of the two. It took some time and considerable effort to get the appropriate banking resolutions and information to the bank to allow the congregation to make transactions of the money. It was a reminder of the importance of having backup plans for banking. I’ve made sure that the congregations I have served since have had similar backup plans. We do fresh banking resolutions each year and make sure we have extra signers just in case. We are more vulnerable when it comes to computer usernames and passwords.

The experiences of this week serve as a reminder that it is time to create additional backups for our information.

Copyright (c) 2020 by Ted E. Huffman. I wrote this. If you would like to share it, please direct your friends to my web site. If you'd like permission to copy, please send me an email. Thanks!