I don’t know what was wrong with my finger this morning but I simply could not get my fingerprint scanner to work on my laptop. I probably tried at least 100 times. Yes, I was frustrated. My finger hurt, and I was yelling at my laptop. Finally magic happened and whatever random thing I was doing that was causing it to fail stopped happening and I got in. Time for the fingerprint scanner to go and switch back to passwords. Fingerprint scanning isn’t super secure anyway. So there I was, trying to remember an admin password for my account that I set up the day I built my laptop, but had not used once since then. Forget it, my passwords are simply too complex for me to remember if I don’t use them regularly. So what to do? Sure, I could crack the password - the thought went through my head, but I really didn’t want to go mess with Cain & Abel at 6 in the morning.
As an administrator on my Windows NT box I can make other administrator accounts, and change anyone else’s password, just not my own. So instead I created a new admin user, switched to that account, and then changed my original admin user’s password, switched back to that account and then got rid of my second admin account. Herein lies some serious irony. Why can I create admin accounts that have the ability to modify my own admin password when I don’t even have the power to do that myself? I’ve seen a different philosophy on UNIX systems. As root I can create new users, chmod, chown, change other people’s passwords, put them in administrator groups and give them sudo access. So it makes sense that when I type passwd I should be able to change my own administrator password without a password prompt.
While it may not make sense for root users to have that much power without having to authenticate to ensure they aren’t being hijacked, at least it’s consistent with the rest of the security model. I think the same thing applies in lots of different types of web applications too. Administrators should have total access over their users, and should be able to create other administrators, but ultimately they should be asked for their password to perform any function that could subvert their user (or not at all). Either way it should be consistent with the rest of the security model. Maybe this is all academia, but it sure was annoying this morning!
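
To make the consistency point concrete for a web application, here is a small policy check, added as an illustration and not taken from any real product. The action names, the 300-second window and the three sample policies are all assumptions made up for the example; it flags a policy that asks for the password on a self password change but leaves the equivalent admin actions ungated.

```python
from dataclasses import dataclass

REAUTH_WINDOW = 300  # seconds a password entry stays "fresh" (assumed value)

# Hypothetical action names: every one ends with the caller controlling
# an administrator credential, so they should share one re-auth rule.
CREDENTIAL_ACTIONS = {"change_own_password", "reset_user_password",
                      "create_admin", "grant_admin"}

@dataclass
class Session:
    user: str
    is_admin: bool
    last_password_check: float  # epoch seconds of last successful password entry

def authorize(session, action, now, policy):
    """Return (allowed, reason) for one admin-panel request."""
    if action != "change_own_password" and not session.is_admin:
        return False, "admin role required"
    stale = now - session.last_password_check > REAUTH_WINDOW
    if policy.get(action, False) and stale:
        return False, "re-authentication required"
    return True, "ok"

def bypass_paths(policy):
    """Ungated actions that reach the same result as a gated self password change."""
    if not policy.get("change_own_password", False):
        return []  # nothing is gated, so there is nothing to bypass
    return sorted(a for a in CREDENTIAL_ACTIONS if not policy.get(a, False))

def workaround_succeeds(policy, now=10_000.0):
    """Replay the post's sequence: stale admin creates a helper admin, helper resets."""
    owner = Session("owner", True, last_password_check=0.0)  # password forgotten
    if not authorize(owner, "create_admin", now, policy)[0]:
        return False
    helper = Session("helper", True, last_password_check=now)  # just set its password
    return authorize(helper, "reset_user_password", now, policy)[0]

# Constructed policies: True means the action demands a recent password entry.
INCONSISTENT = {"change_own_password": True}          # the situation in the post
ALWAYS_ASK = {a: True for a in CREDENTIAL_ACTIONS}    # ask everywhere
NEVER_ASK = {a: False for a in CREDENTIAL_ACTIONS}    # or not at all

if __name__ == "__main__":
    for name, p in [("inconsistent", INCONSISTENT), ("always", ALWAYS_ASK),
                    ("never", NEVER_ASK)]:
        print(name, bypass_paths(p), workaround_succeeds(p))
```

Both the "always ask" and "never ask" policies come back with no bypass paths, which matches the "either way, be consistent" argument; only the mixed policy is flagged.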