Jan/13
2010

These are the new system password requirements at my work:

Passwords must:
• be changed at least every 60 days
• be at least eight (8) characters long.
• No spaces are allowed.
• Must have at least 5 alphabetic characters in the password.
• Must have either:
    • TWO numbers in the password OR
    • TWO Special Characters, such as ~!$%^()_+`-={}|][:;?. OR
    • One number and one special character
• No more than two consecutive repeating numbers or special characters are allowed. For example: ab111cde and ab!!!cde are not allowed.
• Within your password, there cannot be "words" (as defined in a dictionary) that are more than 4 characters in length. There can be more than one word in your password. For example, passwords such as one12two are allowed.
• Do not reuse a password that you already have used. Your new password should have at least 3 characters different from your previous password.
• Do not use your email, first name, last name or full name in your password.
• Do not use your account id or variations of your account id in your password. For example abc01 cannot use 10cba, 01abc, 1abc0, or similar variations.
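
The rules above written out as a checker, as an added example that is not from the original post or the employer's system. The sample word list, the substring test for dictionary words, the position-based reading of "3 characters different", and the anagram test for account id variations are assumptions; the 60-day expiry is not checked.

```python
import re
from collections import Counter

# Constructed stand-in for a real dictionary; only words longer than 4 matter.
SAMPLE_WORDS = {"password", "summer", "welcome", "dragon", "monkey"}
# The same digit or special character three times in a row (letters may repeat).
TRIPLE = re.compile(r"([^A-Za-z\s])\1\1")


def violations(pw, previous="", account_id="", identity=(), words=SAMPLE_WORDS):
    """Return the rules from the list that `pw` breaks (empty list = accepted)."""
    low, bad = pw.lower(), []
    letters = sum(c.isalpha() for c in pw)
    digits = sum(c.isdigit() for c in pw)
    # Assumption: any non-alphanumeric, non-space character counts as "special".
    specials = sum(not c.isalnum() and not c.isspace() for c in pw)
    if len(pw) < 8:
        bad.append("length")
    if any(c.isspace() for c in pw):
        bad.append("space")
    if letters < 5:
        bad.append("letters")
    if digits + specials < 2:  # two numbers, two specials, or one of each
        bad.append("digit/special")
    if TRIPLE.search(pw):
        bad.append("repeat")
    # Assumption: a "word" is any dictionary entry found as a substring.
    if any(len(w) > 4 and w in low for w in words):
        bad.append("dictionary")
    # Assumption: "3 characters different" = differing positions plus length gap.
    if previous:
        diff = sum(a != b for a, b in zip(pw, previous)) + abs(len(pw) - len(previous))
        if diff < 3:
            bad.append("reuse")
    # identity holds email, first name, last name and full name.
    if any(s and s.lower() in low for s in identity):
        bad.append("identity")
    # Assumption: a "variation" is any reordering of the account id's characters,
    # which covers the listed 10cba, 01abc and 1abc0 for abc01.
    n, want = len(account_id), Counter(account_id.lower())
    if n and any(Counter(low[i:i + n]) == want for i in range(len(low) - n + 1)):
        bad.append("account id")
    return bad
```
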


Have a headache? I know I did when I read them after failing to reset my password four times. Took me about a half dozen tries and a few unwieldy examples. The unwieldy examples passed muster, but I changed them because I did not want to type them the dozen or more times over the course of the day my computer times-out, which is more frequently than a pregnant woman runs to go pee. I wonder if the people that come up with "password algorithms" take special classes.

Consider this my curse on the person(s) who come up with these requirements and his/her ilk - May you be awakened in the middle of the night to nightmares where you are forced to actually think of passwords with more and more stringent requirements until you have a migraine that makes you want to drill a hole in your head. Then you must try to remember your long password and repeatedly type that password, correctly without seeing what you type, until your fingers are bloody or numb.

2 comments
Comment from: Roulette [Member]
nah, what will really kill you... is that none of it really matters.

8 character passwords are complicated enough that if a simple dictionary attack doesn't break it, it's easier to just brute force it or use some exploit to skip it entirely.

The only people stopped by simple passwords are the people in the cubes next to you who want to play a prank on you.

Don't get me wrong... it's good to have a complex password. But some of the rules they set up... just make it stupid.
01/13/10 @ 19:51
Comment from: u235 [Member]
Secure systems where I work now require 12 char pw's. Yep, it's a-comin...
01/13/10 @ 20:37