Security Passwords and Reality

On the most basic level a security system isolates sensitive information and then limits access to that information to approved individuals. It is analogous to handing out office keys to employees. In theory it is possible to create perfect security for your computer system. However to do so would make the security measures so cumbersome and time consuming we would never get any work done. In the real world we compromise between efficiency and security.

In most offices, passwords are the principle method of allowing access and authorization. But oftentimes users forget their passwords. When this happens a new password needs to be assigned, involving time and effort. Another problem with passwords is the tendency for both dentists and staff – for the sake of an easy life – to lend their passwords to the other people working in the office.

The first level of security is a simple Windows logon password. This is like the key to the front door. A logon can do two things. First it is a simple way to prevent an unauthorized person from using a workstation and getting or changing information. Second it can identify who made an entry. In theory an administrator can track every keystroke from any computer in your office. If a particular workstation is only used by one person and if that person has a unique and secret password and if that person never leaves their computer while it is logged on then it is possible to determine who made every entry.

However in the real world in a real dental office we don’t use our computers like that. Each workstation may be used by several people during the day, especially in the clinical area but even at the front desk. We almost always leave our computers on when we leave the area. It is too much trouble to log off and log on each time we get up to help a patient, check on a case or talk with a teammate.

Plus Windows passwords are seldom unique and rarely secret. After all if Mary at the front desk is sick today we still need to use her computer. As a result staff members share passwords regularly and usually pick a password they can easily remember. Or better worse yet they leave a sticky note with the password stuck on the machine.