RANT FUCKING ON-

WTF? I am all about security - fine. All about a good password...fine. I am currently required to remember FIVE passwords, each 16 characters in length or more, 2 caps, 2 numbers (non consecutive), 2 upper case, 2 special characters...each changed every NINETY FRIGGIN DAYS, the changed password cannot contain more than 3 consecutive characters from any of the previous 10 passwords, plus various other passwords (including AKO and the like) changed every 180 days... blah blah blah.

I can no longer access my "work" e-mail unless I am at my desk because I have to have a CAC reader in order to do so, unless of course I want to purchase one and install it on my home computer (s).
We have been "mandated" to forward our AKO mail to our work "Outlook" account for "security" (which I have never done because then I could never access my AKO account unless - AGAIN - I was sitting at my desk).

So TODAY - I get no less than 7, yes SEVEN, notifications from "an AKO security audit" that has identified me as having access to, and mail forwarding from, my AKO account to my Blackberry. Yes, my AKO mail comes to my Blackberry so that I can accomplish ADMINISTRATIVE WORK at any given time. It was one of the reasons I BOUGHT the friggin Blackberry. For this reason, my AKO address is the one provided to anyone and everyone "official" who may need to get in touch with me for "official reasons". Of course, I had to purchase my Blackberry because my unit felt "it would be VERY BENEFICIAL" for me to have one, though there weren't enough to go around to everyone. I must say I use it on a daily basis for work. Or at least I DID.

Next step "if you have concerns regarding this notification, contact the AKO Help Desk" - which I did. Their "answer" was that "the policy has changed and there is no way to dispute it - I will mark your issue as resolved, thank you for using the AKO Helpdesk" I received confirmation my issue was resolved via e-mail....on my Blackberry:rolleyes:

The "Mr. Obvious" answer is then , "Well, I guess work will just have to wait until I get to the office then"...sounds good in passive defiance, but in practicum it is unreasonable and makes life significantly more difficult when "mail" finally DOES get checked and various fires are then WAY out of control and unable to be handled "reasonably".

From here on out, I will have to give my "G-Mail" address for "Official Business" if I want any kind of mobile connectivity. AMybe I shouod come up with one specifically for work like "Sirhumpsalot@gmail" or "bootyshakeslapper@gmail", hell even "Mr.Obvious@gmail"...

The stupidity and the drive to limit productivity in the "new and modern era" never ceases to amaze me.
I will be so very pleased when the next 5 years is over.

RANT OFF -

Eagle

IMO - moments like this make me smile - now - for as much as I miss it all - happiness is my blue ID card and a nice glass of Stags Leap Fay Ranch Cabernet-Sauvignon with my medium-rare grilled rib-eye steak, grilled asparagus spears, avocado slices, and Caesar salad. Cheers! ;)

Richard's $.02 :munchin

The CAC Card reader hooked up to home computer does work, and is not very expensive but it is a PITA. It took me an entire Saturday to make it work. Lots of following instructions and then simply clicking on shit until I had success.

I'm not sure exactly how many hours I worked on it, but I sat down at the desk with a 6 pack and when I finished they were gone and I had a cocktail in my hand. I wasn't worth a damn for the rest of the day so I have to mark that task as taking my whole Saturday. :D

Agreed, remembering these passwords is becoming a sobriety test. The more complex these passwords get the more inclined the lay person is to write it down, completely defeating the purpose. Walk around an office full of your typical DA civilians (DPW in my case) and look under staplers, desk pads, tape machines and be surprised what you can find. Most of my new “best friends” can not remember their pins…In the past when I had a duty BB it was from an exchange server the DOIM control, but it sounds like you do not have access to this level of garrison service. Avoid the CAC attachment to the BB, it makes it about an extra inch thick. Perhaps the outfit you are working for might have some privacy constraints (HIPA for instance) and find a BB for you which is secured.
Good luck.
AO

I got the same repeated messages from AKO on my Blackberry today. I have to admit that I was a little confused and even felt bad as I learned that I was in violation of AR 25-2 para 4-5a8 which apparently prohibits forwarding of official mail to non official accounts. I was confused because I know of at least one person with what I thought was an "issued" Blackberry for doing Army business.

I'm a little bit relieved to know that I'm not the only one that this came as a surprise to.

I can understand the concept behind the regulation, but it seems to me like this is a very regressive policy. It seems pretty freaking stupid to mandate use of AKO e-mail and then limit your access to when you happen to be in front of a computer that has internet access. I'm sure that Eagle5US has a lot more important business to conduct and less time than I do, but it still pisses me off.

I already use "bootyshakeslapper@gmail" ... find another address.

I already use "bootyshakeslapper@gmail" ... find another address.
Damn...
and I thought I had that one locked up.:D

Eagle

I agree.

The damn things are too long and complicated to remember. And if you could, it changes too often, and you cannot use a good one that you can remember. Worse yet, different accounts have different requirements, so you cannot use the same passwords for multiple accounts.

Until recently, I was using (on a regular basis) no less than 8 passwords on government systems. The best solution is to create an encrypted document with the passwords on it, and keep it in a safe place. Otherwise, you find them hidden all over the place.

The huge number of personal accounts required for banking, etc., are even worse.

TR

I agree.

The damn things are too long and complicated to remember. And if you could, it changes too often, and you cannot use a good one that you can remember. Worse yet, different accounts have different requirements, so you cannot use the same passwords for multiple accounts.

Until recently, I was using (on a regular basis) no less than 8 passwords on government systems. The best solution is to create an encrypted document with the passwords on it, and keep it in a safe place. Otherwise, you find them hidden all over the place.

The huge number of personal accounts required for banking, etc., are even worse.

TR

The funny thing is that the cyber attacks that are getting to DOD, like the one at the Pentagon, are not happening through e-mail password hacking, or through "human/social engineering" (knowing a little about you in order to get access to your "hints" and thus, your password), but from the inside of the programs. Through firewall defeats and so on. It's kind of like making your front door out of 3 inches of solid iron, and discounting that your windows are just made of 3mm of glass.

I use two programs that help me with strong passwords.

The first is e-wallet;

http://www.iliumsoft.com/

for 29.95. I get the impression they have a version that works on the Blackberry.

The second is Web Replay;

http://www.deskperience.com/web-replay-password-manager/web-replay.html

also for $29.95

I am under the impression that each provides strong encryption.

Of course, I don't know anything about the security protocols required in your environment...

I have long used a company by the name of Jfax. I received an advertisement from them today, and it might be of use to you:

LINK (https://www.gotomypc.com/tr/efax/%7Cefax/paid/2009_Q2/061809/scrty_easra%7C/g22lp?Target=mm/g22lp.tmpl)

It permits remote control of your office computer, with 128 bit encryption of the data stream.

Please accept my apologies if I have gotten too far out of my lane.

five notifications today...

No worries. Now I finally will have a reason why I don't drop everything at the drop of a hat when my Blackberry starts to buzz. I will offer my PERSONAL e-mail in my official signature with the caveat that it NOT BE USED FOR OFFICIAL TRAFFIC. My "desk-side" e-mail will now be checked prior to the start of training everyday, and after all training for the day has been completed.

...I prefer the warmth of a human voice when someone wants my undivided attention anyway.


This is actually good news for all of us... "step away from the distracting technological advance"

five notifications today...

No worries. Now I finally will have a reason why I don't drop everything at the drop of a hat when my Blackberry starts to buzz. I will offer my PERSONAL e-mail in my official signature with the caveat that it NOT BE USED FOR OFFICIAL TRAFFIC. My "desk-side" e-mail will now be checked prior to the start of training everyday, and after all training for the day has been completed.

...I prefer the warmth of a human voice when someone wants my undivided attention anyway.


This is actually good news for all of us... "step away from the distracting technological advance"

I agree.

Start taking your time in getting traffic and handling it. Most of it is what I would call junk mail anyway. I can wait till the end of the day (or week) to get the latest safetygram, mandatory IT training nag, lecture invitation, or information on EEO monthly celebrations. If someone wants to talk to you right now, radios and phones work well in most parts of the world.

Not everyone works behind a desk 24/7. Maybe it is time the policymakers realized that. Leave the Crackberry to the POTUS and his staff. Hey, how is he able to use one for work and official business?

TR

#

There is a program out for the blackberry called LogicMail. My understanding is that it acts like a mini version of outlook or the other email programs by using IMAP instead of the aggregation type email collection of BB(which I think is the security issue that AKO is concerned about). It works well for me so far. Very basic no frills program.

We have been "mandated" to forward our AKO mail to our work "Outlook" account for "security" (which I have never done because then I could never access my AKO account unless - AGAIN - I was sitting at my desk).

Eagle

Ran into this problem myself during TDY / deployment...mail being sent to AKO address was being auto forwarded to the work "Outlook" account. Problem is, mail was never seen until after the TDY / deployment was over & needed files are not received until back at home station. The solution is to use :D Sirhumpsalot@mail.us.army.mil, which forces it to your AKO.

Even if people do not auto forward to their "Outlook" account, it is a good practice just in case (many do not know that it is forwarded to their "Outlook" automatically, unless it is tested.)

Hope this helps some.

V/R,

I know the feeling about the whole AKO account thing. For reservists like myself, it's a bit of a hassle to drive 45 min to the base just to check my email, so like others here, it would be nice to get the email at home. I got a CAC reader for the home computer, which would presumably solve the problem BUT.... I've got a Mac.

I thought this wouldn't be a problem since the Mac OS has CAC software built in unlike Windows, but the Army doesn't really officially lend CAC support to Mac. After I couldn't quite get it to work, I called the AKO Help Desk. They said I have to call the Army Mac support people, who then said I needed to talk to the CAC people, who recommended I contact the AKO Help Desk.

Google has lent an answer of sorts, but I need a Windows machine to "flash" the reader before I can use it on my Mac, and each time I try that, it doesn't work either. :rolleyes:

My .mil email is highly secure. Even I can't read it.

'zilla

I know this is an old thread but it sort of fits my problem: AKO.

I was issued a civilian CAC because I deployed down range for the State and will go again. A few months ago, I enlisted into 2/20 SFG(A) and got my Guard CAC. I've been trying to register with AKO but I've been told by the "help desk" (boy, they REALLY need to change that f'ing name!) that I cannot have two CACs and because the civilian one will take precedence.

Have any other Guard guys experienced this problem? If so, what is the workaround? My Guard CAC works for everything except for registering with AKO. Go figure!

Lindy

My .mil email is highly secure. Even I can't read it.

'zilla

The Nirvana for Information Assurance and IT Professionals is a completely locked down network with no users.

The next step I see coming for for us is the installation of an aluminum panel over the keyboard and epoxy injections for all ports and drives (USB, PCMCIA, PS2, CD, DVD, 3 1/2, 5 1/4...etc....etc...)

Fortunately nobody has thought to increase the number of characters required for access to my voice mail.....(oops, did I say that out loud???) :p

Richard's Snide $.02 :munchin


Richard, I fixed it for you........;)