Horrible Ideas in Computer Technology

at around evening time on Sunday, the 6th of January 2008 by Chad

Let's talk… passwords.

Why does everyone hate password policies?  Because of the security people who write the policies.  It's the law of unintended consequences.

Security guys would love to make you change your password every week, at least.  And have it be 16 characters long full of weird symbols and such.  So they tighten up things as much as they can get away with.  User hassle is NOT THEIR PROBLEM you see.  They’ve said that to me.  That they are proud that they work to the detriment of the user community.

And then you do the obvious thing and make really good use of the post-it notes on your desk.

I’ve been doing this tech stuff a very long long time.  And I’m incredibly well versed in security.  And I have a password or two written on a post-it note on my desk because it is impossible to remember the damn thing.  This particular password the security policy won’t let me change to something I’d know.

Now, which would you be willing to do for a good password? 

  • Change it constantly, constantly forget what you changed it to, losing time while waiting on the help desk to reset your password, write it down under the keyboard. 
  • Or use a nice long password, 24 characters or longer.   A pass phrase or sentence.  But one that you maybe change once a year at most.  And that every system at work will let you use.  Something you can remember easily because you don’t have to change it.
  • What is 4 numbers long and is the most important thing to you?  Something much more important than any access to any system you may have at work?  Your PIN number for your bank account.  4 numbers.  That’s it.

Yeah… number 1 is your current state of affairs at just about any company.  I can easily deal with the second option.  You use a nice long password but you can remember it easily.  Or just use the third option, because if a cracker gets a hold of the password database, they’ll have every password cracked in a few days using a single computer, so it's a hopeless game anyway.

If you’re talking national security that’s one thing.  Anything less though…

One Response to “Horrible Ideas in Computer Technology”

  1. Firehand Says:

    At one point we were dealing with the feds in a system at work and they wanted a password
    minimum 12 characters long
    mix of upper and lower-case letters, numerics and symbols,
    changed monthly
    never written down.
    You can guess how well that went over.
