The IT security department at Berkshire-based logistics firm Hargreaves & Sons has this morning completed its eighth consecutive Monday morning session explaining the fundamental concept of password authentication to the same group of senior staff members, sources have confirmed.
The ninety-minute meeting, which has now consumed more man hours than the company’s entire digital transformation initiative, was called after Finance Director Graham Pelham locked himself out of the payroll system by entering his wife’s maiden name, his own mobile number, and the phrase ‘I don’t know, the usual one’ in various combinations.
IT Security Manager Rachel Venables, who began the role eighteen months ago with what colleagues describe as ‘genuine optimism’, delivered the presentation with the hollow-eyed determination of someone who has made peace with futility.
“We covered capitals, numbers, special characters. We explained why ‘Password123’ appears on every list of compromised credentials published since the internet began. We discussed not writing passwords on Post-it notes affixed to monitors,” Venables said, staring at a point roughly three feet beyond the visible horizon. “Graham asked if he could just use his birthday instead. I said no. He asked if he could use his birthday backwards. I developed a slight twitch under my left eye that I don’t think is going away.”
The session follows seven previous Monday meetings covering identical material, each prompted by weekend lockouts that required emergency callouts. The IT department has compiled what it describes as ‘a fairly comprehensive database’ of creative excuses, ranging from ‘the computer changed it without asking me’ to ‘I’m certain the password is correct, the system must be broken’.
Pelham, a fifteen-year veteran of the finance department who signs off on the company’s cybersecurity budget, maintains that the current password protocol represents an unreasonable burden on staff productivity.
“I’ve got three different systems, each wanting a different password, and they expire every month,” Pelham explained, using the desk drawer containing a ruled notebook labelled ‘Logins’ as an armrest. “Nobody can remember all that. It’s not realistic. I’ve suggested we just use something simple that everyone knows, like the company name with a number after it, but apparently that’s not secure enough. I don’t see how anyone would guess that.”
The company has invested approximately £47,000 in password management software over the past two years, none of which has been installed by any member of the senior management team on the grounds that it ‘seems complicated’ and ‘probably needs a password to get into it anyway’.
Venables confirmed that next Monday’s session will likely cover the same material, possibly with the addition of explaining why ‘Passw0rd123’, featuring a zero instead of the letter O, does not constitute a meaningful security improvement.
The IT department has begun circulating what it characterises as ‘a speculative job description’ for a new role titled ‘Eternal Password Explainer’, with a salary range described as ‘whatever it takes’ and a benefits package including subsidised therapy.