A Business Technology Place

Easier password rules

Somebody give these guys a high-five.
Finally. There is a glimmer of hope for resolution to the insanity that has become password complexity rules. The National Institute of Standards and Technology recently revised guidelines for password complexity. The prescribed password complexity recommendations are detailed in Appendix A – Strength of Memorized Secrets. The NIST findings not only acknowledge the impact to usability of the existing recommendations for complex password rules, but they reveal the impact to improved security is not significant. This will make you smile and is sure to get a round of applause from everyone. Here’s an excerpt:

“Humans, however, have only a limited ability to memorize complex, arbitrary secrets, so they often choose passwords that can be easily guessed. To address the resultant security concerns, online services have introduced rules in an effort to increase the complexity of these memorized secrets. The most notable form of these is composition rules, which require the user to choose passwords constructed using a mix of character types, such as at least one digit, uppercase letter, and symbol. However, analyses of breached password databases reveal that the benefit of such rules is not nearly as significant as initially thought [Policies], although the impact on usability and memorability is severe.”

The new advice is to consider the length of the password more important than its complexity. Shorter passwords are easier for computer programs to break. Longer passwords are more difficult to break after they have been encrypted and stored. NIST acknowledges that the overly complex password rules we’ve been subjected to only reinforce bad behavior when we strive to make the password easier to remember. In other words, changing your password from “Password1!” to “Password2!” doesn’t really make the password more secure.

Randomly generated passwords are OK as long as they don’t create a usability hassle. Some users, like me, use a password vault tool that can randomly generate passwords to use with specific sites. Again, longer password length is better even when using random characters.

I looked at my accounts.
I used this guidance and examined three financial services sites where I have accounts. Here is a look at the current password complexity requirements from each site:

Site 1
At least 8 characters in length
Has at least one letter
Has at least one number

Site 2
Must contain 8 to 20 characters including one letter and one number.
May include the following characters: % & _ ? # = –
May not contain spaces

Site 3
Minimum of six characters
Must use a mix of letters, numbers, or symbols

The good news is I can use my random password generator to create passwords longer than, say, 8 characters. It’s no more work for me because I go to my password vault tool to retrieve passwords anyway. But even if you don’t use a password vault tool, you can make your password much more secure by creating a phrase that complies with the existing rules. For example: ILove2seemygrandmother would fit the requirements. It is easier to remember and more secure. Hopefully, the new guidelines will find a place with technology compliance and regulation and we’ll be able to more freely submit password phrases in the future.
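The three sites' rules written out as checks and run against the passwords mentioned in this post (an added example, not code from the original article). Two readings are assumptions: Site 2 accepts only letters, digits and its listed symbols, with its dash taken as a hyphen or en dash, and Site 3's "mix" means at least two character classes.

```python
import string

ALNUM = set(string.ascii_letters + string.digits)
# Site 2's optional symbols as listed on the page; its dash is read here as
# either a hyphen or an en dash (assumption).
SITE2_SYMBOLS = set("%&_?#=-\u2013")

def classes(pw):
    """Character classes present: letter, number, symbol (anything else)."""
    return {"letter" if c.isalpha() else "number" if c.isdigit() else "symbol"
            for c in pw}

def site1(pw):
    errs = []
    if len(pw) < 8:
        errs.append("shorter than 8")
    errs += [f"no {k}" for k in ("letter", "number") if k not in classes(pw)]
    return errs

def site2(pw):
    errs = []
    if not 8 <= len(pw) <= 20:
        errs.append("length outside 8-20")
    errs += [f"no {k}" for k in ("letter", "number") if k not in classes(pw)]
    if " " in pw:
        errs.append("contains a space")
    # Assumption: only the listed symbols are accepted besides letters/digits.
    bad = sorted(set(pw) - ALNUM - SITE2_SYMBOLS - {" "})
    if bad:
        errs.append("disallowed characters: " + "".join(bad))
    return errs

def site3(pw):
    errs = []
    if len(pw) < 6:
        errs.append("shorter than 6")
    # Assumption: "a mix" means at least two of the three classes.
    if len(classes(pw)) < 2:
        errs.append("only one character class")
    return errs

def check_all(pw):
    """Map each site to its list of rule violations (empty list = accepted)."""
    return {"Site 1": site1(pw), "Site 2": site2(pw), "Site 3": site3(pw)}

if __name__ == "__main__":
    # Passwords taken from the article text.
    for pw in ("ILove2seemygrandmother", "Password1!", "Password2!"):
        print(f"{pw!r} ({len(pw)} chars): {check_all(pw)}")
```

Under these readings the 22-character phrase is accepted by Sites 1 and 3 but exceeds Site 2's 20-character maximum, and “Password1!” and “Password2!” get identical results at every site.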

Onward and upward!

Employee Growth Chart

Childhood memories.

Did your mom mark your height on the door frame as a child? Let’s admit it. Those pen marks on the door frame each year were exciting. It was even more fun if siblings, or other relatives, were marked on the door as well. What was it about the marks that made it so fun? Was it that we could see how much we were growing each year? Was it that we could see how close we were to a height goal? Or was it that mom would see our progress? Whatever the reason, one aspect that jumps out to me is the childhood growth chart was a visual control. We didn’t think about that at the time, but visual controls play an important part in business life.

Employee growth.

A few years ago I wrote about a key concept for employee development, “employee development is better executed as an ongoing part of a business rather than an event.” As I map and transform many of my business activities to TPS and Lean principles, I think about how this relates to Principles 9 and 10.

Principle #9 – “Grow leaders who thoroughly understand the work, live the philosophy, and teach it to others.”

Principle #10 – “Develop exceptional people and teams who follow your company’s philosophy.”

The verbs ‘grow’ and ‘develop’ describe an ongoing process. To measure progress of the growth journey, we’ll need visual tools and controls.

Make a chart.

One tool I started using a few months ago is a flow and performance board for visual management. This is a good spot to track employee growth metrics. I’m doing this with an eye towards professional skills enhancement and team cross-training.

Step 1: Create a skills matrix of the staff to document the current state

Step 2: Create an individual training plan for employees that addresses their personal growth as well as overall coverage the team provides to the business.

Step 3: Make it visible just like mom did. :)

Here’s a very simple chart framework.

(Ratings 1-5)

Skill A Skill B Skill C
Employee A 2 4
Employee B 3
Employee C 2 3

Here’s a simple action plan (employee development plan).

Task | Due Date | Notes
Employee A increase skill A to level 3. | December 31 |
Employee B learn skill A to a level 2. | October 31 | Currently employee A has no backup for skill A
Employee C increase skill C to a level 4. | November 15 |

Onward and upward!

Photo Credit: Rochelle Hartman via Flickr Creative Commons

Mapping software development to Lean IT.

The right process will produce the right results.

A core concept of the Toyota Production System is the right process will produce the right results. The “right process”. What exactly is that? Software development practitioners spend entire careers in search of it. Everyone has ideas and rationale to support various methods including Waterfall, Agile, and Hybrids.

But there is more here than a methodology match. As I consider how to adopt and grow Lean business principles in IT, I face a classic dilemma: how do I introduce standardized tasks and visual controls into a software development process? Software developers are a different breed of office worker. Many of them have personality traits which make consistent processes quite a challenge.

Are software developers rule followers?

Here’s what I know about guys and gals that write code for a living:

  1. They are puzzle solvers
  2. They are inspired by writing code not documenting progress
  3. They don’t enjoy estimating because they don’t want to time box their craft
  4. They are artists who care more about how code is written than the process used to govern the project

So here’s my dilemma. A software developer is a person who is a creative problem solver that needs space to be an artist and really just wants to write code. How do I put that person in a system that seeks to define standard processes and visual controls as a means to provide customer value?

Software developers are rule followers. They write code against a predefined language syntax. They crave requirements up-front before they start writing code. But software developers are also artists. They want freedom to express their talents through what they create, not a set of rules defined by someone else.

Lean IT. Finding common ground.

When faced with opposing viewpoints, I believe the best approach is to focus on common ground. What do Lean IT and the attributes of a software developer have in common? Everyone wants these things:

  • Eliminate waste – Businesses like the effect on the bottom line. Developers don’t like spending their time on busy work.
  • Increase customer value  – Businesses like the effect on sales and repeat sales. Developers like having jobs and customers giving them new problems to solve.
  • Standardized work – Businesses like repeatable tasks that can be improved. Developers like a clear definition of what is expected of them.

Starting with these concepts, I think it’s possible to get developers on board with Lean IT.  With a little flexibility, compromise, and focus on the core business principles of Lean, a team can move down the path of increasing customer value. Let’s start there.
Onward and upward!

Photo credit: https://flic.kr/p/6U71RM – Jeff Sandquist via Creative Commons

IBM reverses course on work-from-home

We can improve business results with this change!

IBM recently announced the end of work-from-home for the Marketing department as it moves towards regional offices for co-locating the Big Blue workforce. They aren’t the first to do this. Yahoo reversed course in 2013 by banning work-from-home and Best Buy followed their lead. Could this be another business cycle forming? Companies have been centralizing and decentralizing organizational layout for years as they switch between shared service cost-savings and greater focus on customer needs. Now it appears working-from-home, telecommuting, and flexible work arrangements may start going through similar cycles.

The debatable points.

Working-from-home has many characteristics and touch-points to create debate:

  • Team collaboration vs private think-time
  • Consistent schedules vs flexible schedules
  • Meetings together vs conference calls
  • Productivity of the group vs productivity of the individual
  • Commercial office cost vs home office cost
  • Relationships and culture
  • Employee retention
  • Commute time

The irresistible force to change something.

It’s easy to see how business leaders are drawn towards this policy as a means to improve efficiency and productivity of their workforce. The debatable items can all impact workforce productivity. But change is initially disruptive and must be executed properly to yield the desired results.

Obviously there is no single right answer. Organizations must weigh options and make decisions based on their business environment, their workforce, and their culture. Workers have preferences based on their life-stage, distance from the office, position in the organization, and personality.

Regardless of personal preferences, it does not change the mission of the organization or the commitment required of the workforce to produce great work. Ultimately, managers make a decision and move forward with it to create the culture and environment they want to achieve the mission of the organization. The work-from-home policy attracts or repels would-be workers. But the workforce needs to understand the interests of the company must survive to provide services customers will buy and to provide long-lasting security for employees.

Onward and upward!

photo credit: Debra Roby via creative commons.

Is the rabbit big enough to chase?

Stay the course.

Six weeks into the New Year is when many people lose their motivation to follow their New Year resolutions. It’s difficult to have the discipline required to change behavior.  It’s also around this time when we are tempted in our businesses to shelve the new annual plan. It’s not intentional. We get busy with the day-to-day steps to run the business and solve immediate problems. Years ago I decided I couldn’t let this happen. I make the IT annual plan in a portable format. After reflecting on using this approach the last few years, I’m thinking about how to introduce technical margin in the plan next year.

Rabbits, squirrels, and other tempting things.

Throughout the course of a year distractions tempt us to wander from our plan. Some of the new things we see are good and worth making adjustments to achieve. But most distractions are industry fads, marketing mind tricks, or situations of minor inconveniences we make into urgent matters. I call them office squirrels or rabbits.

Every week my voicemail and email have unsolicited messages about products and services to make my life easier. Every week someone suggests a new project to solve an opportunity they see in their work area. Every week unplanned requests enter the organization from a variety of sources including customers, auditors, and executives.

“Is the rabbit big enough to chase?”

The question is so easy to ask but difficult to answer. The rabbit begs us to chase it. It lures us with the temptations of rewards and the fear of not catching it. The annual plan consists of activities to support long range goals, the organizational mission, and the core values. The rabbits may support organizational improvements too. But something I’ve learned is to accomplish the plan of great things we often have to learn to say no to some good things.

“Is the rabbit big enough to chase?”

The rabbit hole.

I’m not advocating sticking to the approved plan without the ability to make tactical course corrections or even the ability to alter goals. Executing and closing projects on the plan is hard enough without the distractions of office rabbits. We make calculated decisions through the course of the year. Changing course on a whim, or because an influential requestor swayed opinions, is expensive to the productivity of the organization. Changing course quickly promotes short-term thinking and often results in mistakes. How many times has a ‘must-have’ project for a customer gone unused or been cancelled halfway through implementation? That’s when the rabbit disappears down the hole and we look up to discover we’ve wandered from the path and deeper into uncharted woods.

I am carrying on a great project and cannot go down.

I’m passionate about following the plan, or going on the hunt every week. But I make mistakes and follow rabbits that run down holes. So I’m trying to grow wiser through experience. I want to make decisions with the long term success of the organization in mind, keep the annual plan readily available to maintain focus and alignment, and make decisions through consensus to support the mission and core values.  

In the book of Nehemiah in the Bible, Nehemiah was tempted by adversaries to stop rebuilding the wall around Jerusalem. He stuck to his plan saying “I am carrying on a great project and cannot go down. Why should the work stop, while I leave it and go down to you?” He was intentional and focused on his plan. He considered the cost of leaving the work for what his adversaries promised. By doing so, he avoided the rabbit and completed his goal. I like it. Let’s stay focused.

Onward and upward!

Photo Source: Ballad of the Lost Hare – Public domain book.