Password requirements are getting ridiculous
ChadTower:
--- Quote from: leapinlew on September 18, 2008, 03:43:17 pm ---. You may have done some corporate security for your company, but some of us have to work within the confines of DCID 6/3, Sarbanes Oxley, Safe Harbor, or HIPAA where logic need not apply.
--- End quote ---
My employer is fully bound by HIPAA and SOX, actually. Not all internal apps need the same levels of security. Depends on point of access and content within.
leapinlew:
--- Quote from: ChadTower on September 18, 2008, 03:40:29 pm ---I'd have more comments but it's a ---smurfy--- day at work and I'm probably way too pissed off about that to keep this level. I'm out. Smiley
--- End quote ---
--- Quote from: ChadTower on September 18, 2008, 03:59:03 pm ---My employer is fully bound by HIPAA and SOX, actually. Not all internal apps need the same levels of security. Depends on point of access and content within.
--- End quote ---
LIES! You can't be trusted. :)
SavannahLion:
I feel your pain. The whole password issue is becoming a big PITA. I understand the requirements. I know why it has to be done. I even understand some of the technical issues behind some of the decisions that are made regarding passwords. Still doesn't change how I feel about it though.
About ten years ago, I worked for a company that had the most absolutely insane security method I've ever come across... ever. To this day they were the only company that required a password for exiting the system, but not for entering the system.
Let me clarify. Absolutely anyone could walk right in the front door and look at our computers, launch our software, and go so far as to look at customer accounts (everything except banking information), manipulate any portion of the system involving customer orders, then walk out. All assuming they understood how to navigate our systems. But to get out of the system... at all, required a password. :dizzy: :dizzy: :dizzy:
In any case, I think I'm up to around 100 or so passwords for all the different systems, tools, and whatever I have to access. The top twenty or so are kept in Firefox or on a small dongle. The rest are kept elsewhere. I tried the same as you, but I found it's impossible to ever satisfy the requirements of every admin and after a backdoor on my old site a few years ago through a different unsecure website, I changed my password creation and storage methods.
boykster:
Here's what I did to generate fancy passwords without thinking too hard or worrying about remembering them:
I wrote a little hash generation program that I keep on my memory stick. The program generates a hash with length of my choosing based on 2 keywords - I use a common "generic" password that I can easily remember, then I use the name of the site: yahoo, google, etc. I just need to keep my little program with me on my memory stick and I don't have to "remember" any passwords except for my common generic one. If I get really creeped out, I can even change the encryption key of the hash - so that gives 3 variables I can change easily to alter what hash is generated.
Problem is, I lost the memory stick and am too lazy to re-write the software :dunno
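A sketch of the kind of generator described in the post above, added here as an example; it is not boykster's program, which was never posted. It derives a password of chosen length from a master password, a site name and a changeable key, and the function name, alphabet, PBKDF2 plus SHAKE-256 construction and iteration count are all assumptions.

```python
import hashlib
import string

SYMBOLS = "!@#$%^&*-_"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)            # 72 characters
LIMIT = 256 - (256 % len(ALPHABET))    # 216: bytes >= LIMIT are dropped (no modulo bias)


def derive_password(master, site, key="v1", length=16, iterations=200_000):
    """Deterministically derive a site password from master + site + key."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    # Normalise the site label so " Yahoo " and "yahoo" give the same result.
    salt = f"{key}\x00{site.strip().lower()}".encode()
    # Slow KDF: one leaked site password should not make guessing the
    # master password cheap.
    seed = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations)
    counter = 0
    while True:
        # Expand the seed into a byte stream; the counter gives a fresh,
        # still deterministic, stream on each retry.
        stream = hashlib.shake_256(seed + counter.to_bytes(4, "big")).digest(length * 4)
        chars = [ALPHABET[b % len(ALPHABET)] for b in stream if b < LIMIT][:length]
        candidate = "".join(chars)
        # Accept only a full-length result containing lower, upper, digit and symbol.
        if len(candidate) == length and all(
            any(c in cls for c in candidate) for cls in CLASSES
        ):
            return candidate
        counter += 1


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for site in ("yahoo", "google"):
        print(site, derive_password("constructed-master-phrase", site))
```

Anyone who learns the master password and key can regenerate every site password, so the master needs to be strong. Rotating a single site's password means changing the key or the site label used for that site.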
Ed_McCarron:
--- Quote from: shmokes on September 18, 2008, 12:26:51 pm ---
--- Quote from: punxrus on September 18, 2008, 11:59:24 am ---Random password generators are good for people like you. They do all the hard work for you. It sucks that people are making so many requirements for passwords, but it's better to be safe than sorry. Especially if you are prone to using the same password for everything...
--- End quote ---
I don't have a problem generating the passwords. My problem is remembering them.
--- End quote ---
Try this: Pick something you're familiar with. Take for example, "schmokes"
Look at your keyboard. Type "shmokes", but instead hit each key one up and to the left for this - it becomes "wdyj9i3w"
Easy peasy.