My company email:

- It's time for the monthly password change!
<writes the usual passwod>
- The password must be over 50 characters long!
<adds more letters>
- The password must have numbers!
<adds some numbers, though it's getting irritating>
- The password must have special characters!
<wtf?? Adds a pound character>
- The password must have at least 20 different special characters!
<da fuq???>
- The password must be at least 50 characters, only special characters and invisible tab/LF/CR characters and it must be changed daily!
<head explodes>
- Thank you! Now please sign in with your new password for 200 times per day.
<closes the laptop and starts using Remington type writer>

Usually these remainders start popping up during the 1st vacation day. When you return to the office, the account is already locked.

And then you wonder why people have the passwords written on a post-it or as a plain txt file in SkyDrive.

  • 8
    Noting a bit of exaggeration, but if you don't have numbers or special characters in your normal password. Well... And if you have your usual password that probably also means that you only use one.
  • 3
    @ScriptCoded ... in a professional context.
  • 0
    They are probably right
  • 1
  • 1
    If it had stopped after 50 chars it would have been a bit over zealous but still a very strong password ;)

    But seriously even the person that created the original guidelines for lower/upper/number... has turned and now recommend a long easy to remember password that foes not need regular changing.

    The only valid regularly changing option is one time passwords as part of a multifactor login.
  • 0
    @ScriptCoded not that i know much about how it works, but my password's entropy value is 178 which i think is pretty good, and it doesn't contain any special characters.
  • 1
    @electrineer @Midnigh-shcode I was thinking more of dictionary, rainbow table, or any other type of brute force attack where an a-z only password proves much weaker than one with a single extra special character. But I guess that a password that's long enough or doesn't contain common words is harder to crack.
  • 0
    @ScriptCoded the point was that replacing a letter with a common number or adding trailing numbers is not necessarily efficient regarding memorability and security.
  • 1
    Just use a ridiculous phrase with spaces and punctuation.
  • 1
    @ScriptCoded once the password exceeds 12 chars and no longer is a single word most rainbow tables are useless, there are just to many combinations.

    And 15 or more and three or more words and your back to brute forcing which at that length is beyond current known capabilities.

    So choosing a small sentence of 18+ letters should be secure enough for probably better part of a decade or more (pessimistic estimate)
  • 2
    "Get those antlers down from my table you barbaric casowary!"

    yeah, works for me.
Add Comment