Everyone has issues with passwords in their lives. I once saw a startup company who’s entire advertising at an event was a big screen that said “Kill Passwords.” They were mobbed by people that stopped to hear what they were doing (Sadly, they haven’t killed passwords yet).
Turns out that EHR users hate passwords too:
Your password will expire in 5 days.
Your password will expire in 4 days.
Your password will expire in 3 days.
Your password will expire in 2 days.
Your password will expire in 1 day.
*Locked out of Epic*
Dammit, I had no idea this was coming! F*cking hate EMR!
— Amy G Dala MD (@AmyGDalaMD) June 29, 2018
The responses to this thread are pretty epic. Here are a few of them that stood out to me:
— Judy Brandt (@judywbrandt) June 29, 2018
Many doctors have felt like doing this…and a few have done it.
You forgot to mention the other 25 days it reminds you…?
— Modern MedEd (@ModernMedEd) June 29, 2018
Sad, but true in some places.
Now you will put the wrong password in 100% of the time for a week.
— Jeffrey W Britton (@sftydc) June 30, 2018
Been there. In fact, I’m always there since some password I use reguarly is always changing on me.
Not only does this practice piss everyone off, by doing so it ends up doing the opposite of what they think it does. "Security at the expense of usability, comes at the expense of security." https://t.co/zPGUivWjEB
— Rhys Thomas (@DrGetafix) June 30, 2018
This is what annoys me most. Many of these password policies aren’t based on security or they’re based on outdated security.
And then wake up the sleeping IT person on call at 3am for a password reset. Bah!
— Christina Shiels (@christinashiels) June 30, 2018
The best reason why IT professionals should get to know more reasonable password policies that are just as or even more secure.
Simple solution. Password phrase, not password. 2 factor authentication for logins. What they all forget to say, after complaining buckets about passwords, is that they left their password on the yellow sticky which the cleaning staff absconded. They can’t have 123456 as a password or password as a password. They aren’t writing the checks for the breach violations. They just plain hate EMRs and this is just another way of making that perfectly clear. They aren’t data entry clerks. And we can go on for days, weeks, months and years.
I wonder if you could survey how many of these same doctors get bent out of shape when they have to change the pin to their credit cards or change the locks on a door?