![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
livingdebOkay, this is the most amazing set of password rules I've had to deal with yet:
* must be between 8 and 12 characters in length
* cannot reuse any of last 10 passwords
* must change password at least every six weeks
* cannot contain blanks or more than 2 repeating characters
* must contain at least 1 letter, 1 number, and 1 special character
* allowed special characters ! @ # $ % & * ( ) - + = , . < > : ; " '
Your session also times out after 30 minutes, so you have to keep entering your gobbledy-gook password repeatedly. I guess that could help you remember it.
Also, I know from past experience with this system that if you type in a wrong password three times in a row, you are locked out and have to get your supervisor to call an administrator to reset your password.
Other rules I've seen are that there can't be any words of three letters or more, even obscure ones you've never heard of, embedded in your password and that you can't use symbols that |00k |ike le++ers if it makes your password look like it has a word in it.
I think someone should do a study that looks not only at the guessability of passwords, but also on the ease of finding one on a scrap of paper under a keyboard.
I really hate security systems. That's probably because I've never been attacked, but I am often trying to gain access to my own stuff. I do know that it's better to have to lock and unlock things many times than it is to be attacked. And it's also generally better to be accidentally locked out of things, even several times, than to be attacked once, though I can think of exceptions (locked out of office all weekend where you accidentally left your life-saving medication, which you forget about until you have an attack, by which time it's too late).
But after a while, just trying to access your own stuff starts to get depressing. Have you ever thought twice about visiting someone in a gated community because you didn't feel like dealing with their security system? Have you ever felt your blood pressure rising because you're about to enter your password for the third time, even though you're sure this time that you have the right one and that the caps lock button is not engaged, probably? Have you ever changed the locks and then found your missing key right in your own possession?
It's not fair.
So, calling all attackers. Quit attacking people. You are not just hurting them, but everyone.
Oh wait, none of my readers are attackers. Well, um, thank you then. Because you people are way too smart, and we'd have to have non-word-including passwords of over one thousand characters. And we wouldn't be allowed to have passwords which make patterns or pictures on the keyboard or which do not give you carpal-tunnel syndrome. In fact, we would also need to hold down several keys at once a few times. Also our keyboards would be glued to our desks so we couldn't hide the passwords there. And our telephones would be glued down. And staplers. And we would need to change our password every time we accessed the system. Actually, we would need two people to enter passwords unknown to each other at once, and each person would have a back-up person who also knows their password (a different back-up person for each password), and then if the wrong two people are sick or on vacation, we are still in trouble. And it goes without saying your password cannot be connected to anything that changes over time (and thus is easier to remember) like dates or astrological signs or seasons. We would all need special memory enhancement pills just to get into our systems. Which sounds good, but they'd probably have horrible side-affects.
* must be between 8 and 12 characters in length
* cannot reuse any of last 10 passwords
* must change password at least every six weeks
* cannot contain blanks or more than 2 repeating characters
* must contain at least 1 letter, 1 number, and 1 special character
* allowed special characters ! @ # $ % & * ( ) - + = , . < > : ; " '
Your session also times out after 30 minutes, so you have to keep entering your gobbledy-gook password repeatedly. I guess that could help you remember it.
Also, I know from past experience with this system that if you type in a wrong password three times in a row, you are locked out and have to get your supervisor to call an administrator to reset your password.
Other rules I've seen are that there can't be any words of three letters or more, even obscure ones you've never heard of, embedded in your password and that you can't use symbols that |00k |ike le++ers if it makes your password look like it has a word in it.
I think someone should do a study that looks not only at the guessability of passwords, but also on the ease of finding one on a scrap of paper under a keyboard.
I really hate security systems. That's probably because I've never been attacked, but I am often trying to gain access to my own stuff. I do know that it's better to have to lock and unlock things many times than it is to be attacked. And it's also generally better to be accidentally locked out of things, even several times, than to be attacked once, though I can think of exceptions (locked out of office all weekend where you accidentally left your life-saving medication, which you forget about until you have an attack, by which time it's too late).
But after a while, just trying to access your own stuff starts to get depressing. Have you ever thought twice about visiting someone in a gated community because you didn't feel like dealing with their security system? Have you ever felt your blood pressure rising because you're about to enter your password for the third time, even though you're sure this time that you have the right one and that the caps lock button is not engaged, probably? Have you ever changed the locks and then found your missing key right in your own possession?
It's not fair.
So, calling all attackers. Quit attacking people. You are not just hurting them, but everyone.
Oh wait, none of my readers are attackers. Well, um, thank you then. Because you people are way too smart, and we'd have to have non-word-including passwords of over one thousand characters. And we wouldn't be allowed to have passwords which make patterns or pictures on the keyboard or which do not give you carpal-tunnel syndrome. In fact, we would also need to hold down several keys at once a few times. Also our keyboards would be glued to our desks so we couldn't hide the passwords there. And our telephones would be glued down. And staplers. And we would need to change our password every time we accessed the system. Actually, we would need two people to enter passwords unknown to each other at once, and each person would have a back-up person who also knows their password (a different back-up person for each password), and then if the wrong two people are sick or on vacation, we are still in trouble. And it goes without saying your password cannot be connected to anything that changes over time (and thus is easier to remember) like dates or astrological signs or seasons. We would all need special memory enhancement pills just to get into our systems. Which sounds good, but they'd probably have horrible side-affects.