A bold statement about password security

Ove Lindström · December 9, 2024

Scene:

It’s a cold Monday morning in early December. Stockholm is not showing its best side to visiting Nobel laureates. The sky is a dull gray, heavy with unfallen snow. A light wind carries a faint bite, swirling icy particles that are neither snow nor rain through the air. The only ones still daring to bike to work are the likes of our hero, Dan, and the occasional student who can’t afford a commute card due to the upcoming Lucia party.

In the cozy developer den of a small product company, our hero and his fellow software developers prepare for this week’s first daily stand-up. The upcoming “ugly Christmas sweater” day on Friday—an event that almost always gets at least one of them sent to HR—is the main topic of discussion. A crackling fireplace video from YouTube flickers on a screen, lighting up their faces.

At the start of the stand-up, our antagonist (and every good story must have one), their ever-charming yet somewhat dimwitted CTO, Archibald P. Martin, enters the room. Because he shares his last name, inheritance, and demeanor with Sir James Martin from Jane Austen’s book Lady Susan, the developers have nicknamed him Sir Clicksworth (because, as he once exclaimed, “These buttons! They… click!”).

The Scrum Master, Henry, looks at Dan, his System Architect, with a mix of anticipation and dread. Sir Clicksworth’s visits often bring with them a new buzzword-laden proclamation.

“Good morning, Archie. What can we do for you today?” Henry greets his CTO.

“Oh, jolly good morning to you too,” Sir Clicksworth responds. “I was thinking over the weekend,” he continues, blissfully unaware that the room had other things going on, “about that multi-factor thing the auditors want us to introduce for safer logins. I think it divides the passwords in a very strange way.”

“Well,” Dan replies, trying to maintain his composure, “we’ve already created a plan to introduce this into the product. It’s not that hard to do since our Identity Provider supports it. We just need your approval on the cost.”

“That’s the problem, Dan. I can’t see how dividing the passwords into multiple factors makes them any safer than the current policy! Sixteen or eight plus eight is the same, isn’t it?”

Both Dan and Henry strain not to put their heads in their palms.

Dan, summoning his most patient coaching tone, responds. “I’ve explained this to you several times, Archie. It’s not the password that will be factored. We’ll use a mobile phone or a fob to generate a randomized one-time password, which will be entered after the password.”

“Oh yes, I understand the generating part. But honestly, I don’t see how changing the password every time you log in makes it any safer. Rest assured, though, I have a much better solution.”

Sir Clicksworth looks very pleased with himself. Dan and Henry exchange a glance, the kind that says, Whatever is coming next, no one will believe it at a conference dinner.

“You see,” Sir Clicksworth continues, “I was typing up the new password policy when it hit me: there’s an untapped source for making our passwords nearly impossible to guess. I searched the web and even asked ChatGPT about it, and nobody does this. We’re about to make a major breakthrough in security.”

Dan and Henry watch in silence as their CTO explains his idea.

“You see, we use regular characters for our passwords—lowercase a, uppercase A, numbers, and so on. But when I was adding the latest password to my Word file, it hit me! We could use bold and italic characters in passwords! It would be almost impossible for hackers to try all the combinations.”

“But… but… well… uh… Archie,” Dan stammers, visibly confused, “that doesn’t work.”

“Nonsense! I’ve already tested it. I created a new password in my Word file using bold and italic characters, then copy-pasted it into the system. It works perfectly fine. Our password manager can’t handle it, though, so we might need to replace it and have everyone use Word instead.”

Dan and Henry exchange another look. It was going to be a long week.
