Password requirements are getting ridiculous
shmokes:
But that puts me in the same boat. Ed's idea was good, inasmuch as that gives you a nonsense password that you can still remember. But if I "choose" to use the shift key, I need to remember which letter is shifted. I suppose that I can remember to always shift the first or the third letter, but that doesn't change the fact that I've already got dozens of previously made passwords that don't have any upper-case letters, so I need to change them all, or remember that this password is special. And that still doesn't take care of the need for symbols.
Understand that this only illustrates what I'm talking about. Yours and Ed's ideas are great (I've actually been doing the number/vowel swap since passwords started requiring numbers). And a year ago, those methods would do the trick, but it's not enough anymore. These password requirements aren't just defeating hackers, they're defeating our own ability to manage them sensibly.
leapinlew:
--- Quote from: shmokes on September 18, 2008, 10:19:03 pm ---
I think I'd rather deal with the headache of having my security compromised a couple times every ten years or so than this day-to-day, increasingly complex password management tango we're having to deal with.
--- End quote ---
I think if you're using public computers, your rate of a security breach will be much more than once every 10 years. More like 10 times in a year. Your password(s) will be keylogged and it doesn't matter how complex they are.
You should revise your strategy and avoid using computers whose security you cannot validate.
patrickl:
I have a lot of passwords too, but that's because many of those are important and I don't want them hacked when I enter my password on a lot of websites. Or it's passwords which were not mine to choose (passwords for clients, etc.).
For forums and other non-important stuff I have 2 passwords in use. One old (insecure) and one new (more secure and up to current specs). I simply added some numbers and a special character. So I need to try 2 passwords. That's not such a problem.
The fact that you have dozens of passwords has nothing to do with changed rules. At worst you should have 3 and they could be virtually identical. For instance:
shmokes
shm0kes
Shm0kes#
shmokes:
--- Quote from: leapinlew on September 19, 2008, 09:16:36 am ---
You should revise your strategy and avoid using computers whose security you cannot validate.
--- End quote ---
Well . . . they're not exactly public. They can only be used by law students at my school.
--- Quote from: patrickl on September 19, 2008, 09:18:24 am ---
The fact that you have dozens of passwords has nothing to do with changed rules. At worst you should have 3 and they could be virtually identical. For instance:
shmokes
shm0kes
Shm0kes#
--- End quote ---
The scenario you describe only works in hindsight. For example, let's say my first password is smoke. Then people start requiring 6-digit passwords. Now I have smoke and shmokes (I'm forward-thinking so I put in an extra letter). Then they're required to be 8-digit, so I change it to shmookes. Then they require there be a number in it. Not immediately thinking of the number/vowel swap idea, I go with shmookes1. Now, of course, had I known that numbers would be required later on, I could have just chosen shmokes1 way back when they required 8 characters, instead of changing it to shmookes, but I can't foresee the future. So, now let's say I do try to predict the future. Let's say that since people recommend using non-alphanumeric characters, I anticipate that eventually that will be a requirement, so I decide to start using shmookes-1, instead of shmookes1. Pretty clever, eh? Except that now I'm signing up for a site that requires you to choose from only eight characters, not including the hyphen. So, I can just replace the hyphen with a tilde, but what about all the sites I've already used the hyphen on?
So, now let's say that my IRL name is Patrick L. And I go by the handle patrickl on various web forums. Maybe . . . just maybe, I also use that username on other things. Let's say, my bank account, or my PayPal account, or my Amazon.com account (which has my credit card stored on file). Since I know that I'm using the same username for websites with VERY sensitive data, and I know that there's a reasonably good chance that some of the owners of the web forums I belong to have plaintext access to my password, that means I need to have a completely unrelated password for secure websites (and really, I should try to keep each of them different to minimize losses in case one of them is compromised). But now, at the very least, I'm using the "smoke" derivatives for relatively unimportant sites like web forums, but I need to start a new set of passwords for my bank accounts and other secure sites. So let's say I decide to start with a secure password right off the bat for those. Let's say I choose 0bama!sgr3at. But then I come across a website that insists on capital letters. Goddamnit. I didn't think of that one. Now I need to add capital letters to my shmookes-1 and my 0bama!sgr3at (that's a zero) passwords. What, my password needs a space in it? ---fudgesicle---! That's two more passwords to remember. Oh, this secure site (0bama) makes me choose from a list of characters that includes the hyphen, while that web forum makes me choose from a list of characters that doesn't? Great, now I need to go back to my old version of shmokes, before I put a hyphen in it. Except I actually have to create a new version, with another character in it. That's okay, I'll just go around to all my forums and change the hyphen to an exclamation point on all my web forum accounts. What? Some web forums don't allow characters at all? Some will allow hyphens, but not exclamation points?
I'm afraid your "worst" case scenario, Patrick, is FAR closer to a best case scenario.
Ed_McCarron:
--- Quote from: shmokes on September 19, 2008, 09:50:31 am ---
Well . . . they're not exactly public. They can only be used by law students at my school.
--- End quote ---
Even worse.