Well Hallelujah! Big Brother has finally acted!

I just checked into a motel today that not only has a password for its internet access, and not only a good, secure password, but — get this — it was automatically generated when I checked in and asked about internet access, and that everyone gets an unique password. They told me that it has an expiry time that I could choose when I first logged on; if I mistakenly chose one too short, I just would have to call the front desk for a new one. I know it’s unique to “me” because I’m using two laptops on this trip, my company machine for company business, and my personal laptop for personal stuff, and when I tested the original password on my personal machine after having used my company machine, I was told that the limit of accounts attached to the password had been reached, so I called the front desk and they gave me another one, no questions asked.

Some would say that the unique passwords could be a violation of my privacy. Possibly, if they happened to tie the password to my room; I don’t know if they have, but in this case … well, the conspiracy theorist in me has not been awakened (I know, famous last words. 🙂 ) I suppose I’m not fond of the notion that the unique password could be used to against me, including wrongly and/or maliciously.

However, I suspect that I’m safe; hotels are generally in the business of being discrete as part of their profit motive, so keeping track of who gets which password or derivative information about my internet use is, well, not generally in their interest. Then again, perhaps I should also be worried about the key card hotels give me and whether they are keeping track of how often I go in and out of the room, or use the pool, hot tub, exercise room or laundry room protected by the key cards. Ooops, they took down my name, address, and phone number, and they have credit card information linked to me when I signed in! My privacy has already been thrown out the window!

I shouldn’t be — I figure that this should be the norm — but I’m sincerely impressed that this hotel protects its business resources much the same way they they protect the others, such as the aforementioned rooms, pools, hot tubs, exercise rooms, laundry rooms, and the like.

Hotel internet access passwords — Here’s a case for Captain Obvious

In the past 4 weeks I have spent as much time in my own bed at home as I normally spend in hotels for business over 6-12 months (about 4 nights.) As such I have been using a few hotel internet hookups.

First, the good news from Captain Obvious is that most hotels and motels in North America these days seem to have wireless internet. I know, I’ve been using hotel/motel wireless for about three years now, but now it’s so commonplace, that my experience last fall near Boston at an otherwise charming New England Inn where they used a large group of computer savvy geocachers as guinea pigs for their new wireless internet setup seems odd.

Next, to set the stage, Captain Obvious is observing that several years ago when people started getting wireless routers in their homes and offices and anywhere else, after a while people learned that they had to lock down their router with a password that nobody knows except, well, those with whom they wanted to share their bandwidth (and only those with whom they wanted to share their bandwidth), so that, well, you know, the neighbours don’t decide to save a few bucks on a cable modem and piggyback on yours. Or use so much of it that you start getting overage charges, assuming that their theft of your signal doesn’t significantly affect your use of your internet. Or that strange looking people don’t park in front of your house for hours on end for no apparent reason. Or worse yet, do so while doing things that would have the cops knocking down your door for doing things like, oh, who knows, downloading kiddie porn or spamming or hacking into financial institutions and stealing large sums of money.

Which makes me wonder about the all the hotels I’ve been staying at over the past month:

– The first one had a great, really secure password, that hadn’t been changed in over a year and a half.

– The next one used the hotel’s name with a few numbers added to the end. I don’t expect that they change it very often, if at all; I’ve used that hotel a couple of times over the past three weeks and I haven’t been told that the password has changed. The signals just work fine, and at the end of the week I think it’s even money that it still won’t have changed when I likely will go back to that hotel.

– The next one didn’t even have a password.

– The next one used its fax number as its password. Apparently the owner just recently acquired the establishment and at least has gotten to the point of pulling the plug on the router for a few minutes whenever he notices a suspicious character in his parking lot. There were anywhere from two to four other insecure networks in range, although one called itself “free public wireless”, and the other was a nearby internet café.

– The next one has two routers without a password, and there’s another insecure signal in range.

At each place I have implored the people at the front desk to please install a password and change it at least monthly if not weekly, or even have an unique key generated for each guest or at least each hour for whoever comes in during that period (OK, this is a bit too much Big Brother, but the day may come), and not use a dictionary word; of course two of the five are staffed by employees without any real influence over such matters, and at another I suspect much the same.

In general I wonder how hard it is to have a control panel to their router to change the password, that they remind themselves to do according to a schedule they can mark on their calendar, or they can ask their IT guy to set up a script to do it automatically according to whatever schedule the innkeeper chooses, and they just need a quick reference note to show up on their guest registration screen with the “internet password”. I know, I can’t do it, but I could even figure out how to do a cron job; surely in the MS world it’s easier than that.

I congratulated the first place for their excellent password but said that after a while all someone has to do is stay a night or speak with someone who has and they can get the password. Then they could easily set up a router in the bushes nearby and a few repeaters or a wire to their house a few doors down and bingo, who cares about the cops banging down the innkeeper’s door. The cops *know* that hotel guests will often use their trips to hotels to download things they might never do at home. However, the innkeeper is paying for some thief to reduce the service he’s supplying to his customers just to remain competitive. All he needs is the bad publicity from the cops knocking down his door or those of his clients because of someone in a van with a laptop, who can drive away when the sirens are heard down the street, is conducting some illicit business using a hijacked connection.

I can put up with the nuisance of a fist-time password challenge web page at a hotel. I understand that Friday evenings to Sunday mornings — and possibly other times during the week — there are a lot of guests at a hotel and the speed is likely to be slower as a result. But I wonder about how much slower it is because some industrious person may be hidden somewhere in the bushes or the parking lot, or have a series of repeaters running down the block and slowing down the access I’m paying for through my room rate. Or temporarily losing a connection because the innkeeper is “scaring off” a suspicious character in the parking lot by unplugging his router for a few minutes.

And the notion that my door conceivably *could* be knocked down for someone in the parking lot, or at least, I could be a spectator to such a thing and still be questioned, is less than savoury.

My complaints *are* rather petty compared to world hunger. But that’s not the point: It seems to me to be a good combination of due diligence and, well, good business sense, just to change the passwords on the first of the month, or every Monday. They put key-card locks to the pool, the whirlpool, the exercise room, and even the laundry room (that is coin-operated!) to limit access to their guests.

Why not do the same for their wireless internet?