So a friend of mine recently developed an interest to work for the Central Intelligence Agency. The CIA. My friend is one of the smartest dudes on Earth and among the few men I revere. He has a sharp mind. He is so discerning of a person’s intentions you might think he has a degree in psychology. He is almost telepathic. And he is well lettered and has the mien of, well, the kind of professionals that are cast in the movies that work for the CIA. I have no doubt in my mind that he will be a great asset for the CIA.
I visited with him yesterday evening. By the time I got to his house, he had already browsed through the career page of the CIA’s website and decided on Political Analyst as the career path he want to pursue with the CIA. He had his resume tailored to meet the requirements of the job he want to apply for. And for the presumed questions the page indicated that he will be required to provide answers to as he proceeds in his online application, he had the answers ready. Then came the online application process itself.
Step 1 has to do with selecting 3 security questions from a drop down list and providing the answers, the purpose of which is to remind the applicant of their login info should they forget their username and or his password. That went pretty smooth.
In Step 2 the CIA website itself generated what to me is a simple alphanumeric username for the applicant. Then came Step 3.
In Step 3, the website requires the applicant to choose his or her own password. And it demands that the password contain lowercase letters, uppercase letters, numbers, and specifically, 2 special characters.
Passwords to me is an illusion of security. Therefore I do not care much about making my passwords complex. So whoever anytime desires to hack into any of my numerous online accounts can do so easily. And I simply do not care. But Kinsella my buddy love complex passwords, not because he is concerned about someone hacking him. It’s just who Kinsella is. Complex. So when it got to the point of choosing the password for his CIA online application form, he came up with the strangest combination of letters, numbers, and characters I have ever seen, while being careful to abide by the password requirements of the website. After he “ENTERED” it, the website told him his password choice was mediocre and that he had to come up with something strong. He felt challenged and rolled out another combination he thought will take the guys at NSA forever to crack. Forgive my hyperbole. The second time the website told him his choice was very week. And this back and forth continued for a straight one hour. He will roll out a combination of lowercase letters, uppercase letters, numbers, and 2 special characters and after entering it, the website will tell him that it was weak, very weak, or mediocre.
Initially, he thought it was a test to ascertain his level of enthusiastic about pursuing a career with the CIA and to determine how determined he is to overcome challenges and be better at generating a more complex set of combination of lowercase letters, uppercase letters, numbers, and specifically, 2 special characters. But after an hour, it becomes a fruitless effort at satisfying some ludicrousness. His perception I must say. I was astonished at the CIA for that stupidity and was very relieved for my friend when he folded up his laptop and called it a day.
Now my friend’s experience could be as a result of a glitch on CIA’s website. But I strongly doubt that because up until that point of entering his choice of password, every other thing was working perfectly.
Meanwhile for my experience with the opening of online accounts, be it for employment, with financial institutions, service providers, or even at my job’s portal, for those organizations who care to, they only intimate you what they think the strength of your password is anytime you create one and suggest that you consider making it stronger if they think the password is not strong. But no institution has ever prevented me from advancing with the creation of an online account on the basis that my password is mediocre. Even though in this case at hand, the password I witnessed met all their requirements and did not come across as mediocre. I guess they are the CIA and they are exclusively exclusive.
Why did they do that?
To prevent a hacker from hacking into an online application for a job which the applicant has not even been hired for? Or maybe they think that the personal information they will be requiring of the applicant to enter in the online application form is so classified that no one besides the CIA would have ever seen or known about it and they (the CIA) want to protect their would-be recruit from identity theft? Maybe. In a world in which we are increasingly becoming public by default and private by effort. I doubt that too.
Maybe the CIA believes that a weak or mediocre password will give access to a prospective hacker into the online job application account of their prospective employee, and maybe that access will in turn give the hacker remote access to the CIA’s intranet. But from the little I know about IT, that is not possible because job application portal and an organization’s intranet operate on a separate and different platforms. I used platform here because I am limited in my knowledge of IT lexicons. And to think of it, how does the CIA know that the person with that strong password in question is not a hacker with sinister intentions masquerading as a prospective employee? And more importantly, since they thought it wise enough for them to generate the username for each applicant seeking to create an online application account, why couldn’t they in their supreme intelligence generate the passwords for the applicant too.
And what is a strong password according to the CIA? Something of this nature: @Br3ZɸcKiα7q!aT%p#Ch*c^7?
Creating a password a password for online job application should not constitute in itself a career, and frustrating genuine efforts of smart, intellectual, and quality citizens to serve their country as intelligent agents by some dumb password rules is not so smart a policy by an elite organization who in recent times are on record for doing some very dumb stuffs.
I suggest the CIA do better at reviewing the password rules they have for prospective spooks for their online application form.
Let the debate continue…