Password foolishness

This is not one of my usual topics, so pardon me for the digression. I'm more than a bit annoyed about all these passwords I'm supposed to use and remember, and I've just got to say something about this latest one - and practice a little civil disobedience at the bottom of this post.

Let me explain. (And apologies for an “inside the ivory tower” blog this week. If you're not an academic, you might want to read one of my earlier posts instead.)

I’m a member of a panel—called a study section—that reads and reviews research proposals to the NIH. In the past, NIH used to send us a large box (by FedEx) with all the proposals, but for a few years now they’ve been sending us the entire set on CD, which is far more efficient.

Last year, someone at NIH got the bright idea to password-protect every proposal on the CD. This means that even though I have the CD, I can’t open and read any proposal without the password. To get the password, I have to login to the NIH website using another password. The CD password, mind you, is a one-time password that only works for this CD – at each meeting of the study section, we get a new CD and a new password.

We have to type in the password EVERY time we open a proposal. This means that when we have the actual meeting, each of us is frantically typing in the password every time we try to open a proposal. At the first meeting after NIH came up with this brilliant idea, every member of the study section protested to our NIH program officer (the guy who runs the panel), and he said he would pass on our plea. Not surprisingly, the response from the NIH bureaucracy was: nothing.

So here’s what drove me over the edge. I’m at a conference this week, and I figured I could use the travel time to start reading proposals for my next study section meeting. I’d loaded the proposals onto my laptop, and I thought I was all set. But then I tried to open the first one. “Please enter a Document Open password” stared back at me. What the heck? I had forgotten about the password protection on the CD, and I was without an Internet connection, so I had no way to read the proposal.

This is ridiculous. Does NIH want us to read the proposals, or not? The password protects one CD, for use at only one meeting. This is nothing more than security “theater” – imposing bogus security measures to give the appearance of improving security, while in fact doing nothing but making the reviewers’ job more difficult.

Well, I’ve had enough. I’m putting the password to my NIH CD right here, and I encourage members of every other study section to join me in this bit of civil disobedience. Maybe we’ll get the security zealots at NIH to stop it.

The password for my NIH study section’s CD is: AJAY$1JAIN

Okay, now I’m in trouble.

9 comments:

  1. I think this all started after a group of bandits intercepted a fedex truck and stole a bunch of ideas from NIH proposals.

    BTW, if you download the proposals from the internet assisted review site, you don't need a password.

    ReplyDelete
  2. "if your ideas are any good, you will have to ram them down people's throats"

    I am a graduate student at a "top" research university and am always amused by faculty members, especially asst profs who are paranoid about other people "stealing" their ideas...most of which are stupid, and all of which are obvious.

    ReplyDelete
  3. Haha I figured that you were going to say you wrote the password in sharpie on the CD or something.

    Writing it here gave me a good laugh.

    ReplyDelete
  4. Glad my panel hasn't implemented this bit of "best practices". Otherwise, I might be tempted to bring a chainsaw to the review meeting

    ReplyDelete
  5. I am in Industry, but am called in to review proposals in the drug discovery area. And, yes, I am also tired of typing in the password each time I need to look at a proposal on the CD. The password is not a very "strong" password either.

    ReplyDelete
  6. I don't think you are in any trouble for posting the password. With the Challenge grants coming up to possibly 14,000 or more (in addition to the regular RO1's, etc.) they are going to need all available warm bodies for reviewers.

    ReplyDelete
  7. I think the same people who designed this designed Grants.Gov

    ReplyDelete
  8. My password is GRANTS4$.

    I made the same complaint to my study section officer, and I was glad when she gave me the hint that Rafa mentions above. I sure don't want to have to download every single application, but I'm at least using this to get password-free versions of the 10 applications to which I was assigned. I expect this will mean that reviewers will read fewer of the proposals.

    A related complaint: couldn't the electronically submitted grants be made readable by humans? The font choices and the organization of the pages are close to unreadable. The budget pages are especially bad. And are the pages of file names really necessary? And generally the bookmarks are all messed up.

    I'm working hard to read the proposals on my computer rather than on paper (and I find it best to open two instances of each, one in Acrobat Reader and one in Acrobat, so that I can look at the references and the proposal at the same time), but I need to first spend 10 minutes on each file, removing useless pages and redoing the bookmarks.

    ReplyDelete
  9. I'm a postdoc, so haven't had to review any proposals, but your story sounds entirely typical of the NIH and maybe even academia in general (esp. our budgeting department!).

    ReplyDelete

Markup Key:
- <b>bold</b> = bold
- <i>italic</i> = italic
- <a href="http://www.fieldofscience.com/">FoS</a> = FoS

Note: Only a member of this blog may post a comment.