Excessive Password Requirements

  • R Rick York

    Ours does not prohibit various characters but it prohibits words found in their directory. I find that very annoying because most of my passwords involve my opinion of this policy. What bugs me most about the whole thing is the frequency of changing passwords - currently every three months or four times per year. I am OK with strong passwords but if the password is so strong why should we have to change it so often? I think that is counter-productive and only serves to increase potential risk.

    "They have a consciousness, they have a life, they have a soul! Damn you! Let the rabbits wear glasses! Save our brothers! Can I get an amen?"

    ZurdoDev
    #17

    Agreed.

    Social Media - A platform that makes it easier for the crazies to find each other. Everyone is born right handed. Only the strongest overcome it. Fight for left-handed rights and hand equality.

      Nelek
      #18

      Rick York wrote:

      What bugs me most about the whole thing is the frequency of changing passwords - currently every three months or four times per year.

      We had to change it every 6 weeks during almost a year in a previous company... eventually a top manager had problems and then we went to once every 6 months.

      M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.

        Lost User
        #19

        While I dislike frequent pw changes, from a corporate point of view, it presents some "window" in which they know that stolen or lost passwords will become useless.

        It was only in wine that he laid down no limit for himself, but he did not allow himself to be confused by it. ― Confucian Analects: Rules of Confucius about his food

          • OriginalGriff

          What annoys me are the sites that insist you sign up with your email address (understandable, they can send a confirmation link to it) but who validate emails to contain the special characters '.' and '@' only ... So they don't accept my email, which has a hyphen ... :sigh: Mailinator, how are you today? Great, got a sign up for you ... :laugh:

          "I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!

          David Crow
          #20

          OriginalGriff wrote:

          Mailinator, how are you today?

          I use this ALL the time. I've only found one site that didn't allow it.

          "One man's wage rise is another man's price increase." - Harold Wilson

          "Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons

          "You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles

          • Z ZurdoDev

            Slacker007 wrote:

            It beats the alternative

            Non lengthy requirements? I'm good with that.

            Social Media - A platform that makes it easier for the crazies to find each other. Everyone is born right handed. Only the strongest overcome it. Fight for left-handed rights and hand equality.

            Slacker007
            #21

            There is a "time to hack" chart floating out on the internet for a few years now. I saw it about 2 years ago I think. It shows how long it takes to hack a password based on length and complexity. Trust me when I tell you that you want your passwords to be long and complex. Now, with that said, most systems lock you out after 3 failed attempts, which negates the need for anything over a certain length and complexity, but the easy passwords are instant hacks. My standard password follows a predefined pattern that I use and is 11 characters long, has caps, lower case, numbers, and special characters, and is easily changed and remembered every 30+ days. I have been using this password pattern since 2012 and it registers as a "Strong" password.

            • Z ZurdoDev

              CodeWraith wrote:

              Win10 is for masochists

              And those that like to earn a great living developing Microsoft software. :laugh:

              Social Media - A platform that makes it easier for the crazies to find each other. Everyone is born right handed. Only the strongest overcome it. Fight for left-handed rights and hand equality.

              CodeWraith
              #22

              You can earn a great living with masochism, but please spare me the details. :-)

              I have lived with several Zen masters - all of them were cats. His last invention was an evil Lasagna. It didn't kill anyone, and it actually tasted pretty good.

                Nelek
                #23

                I can understand that and kind of agree too, but 6 weeks... when there are workers that don't come to the office for periods bigger than that because they are working abroad... that's silly. We had the issue that soon after the change to 6 weeks policy, a colleague was in holidays and then the first day of work went directly to the airport for a project in the U.S.A. First day there, he logs in (no notice about password because he is offline), at a certain point during the day opens VPN and calls emails (no notice about needing new password because Windows only checks at initialization of the session), then switches off VPN again... Next day: He can't log in (offline) because Windows complains about the expiration of the password, he can't log with other credentials because the AD-Server is not reachable without VPN (and without logging in first), he can't log in with local user because policy of the company didn't allow to have any local user. Conclusion: the company had to send him a new laptop by post where the password was changed by another co-worker so he could log in and continue working. Luckily the encryption done by our IT was not that good and he could bypass it and get all needed information for the project and current software versions unmounting the SSD and connecting it with a USB-Chase. At the end he had to stay 1,5 week longer to recover the lost time and there were over 7000€ additional costs. We were laughing for weeks and he was mad at IT for months. I had a similar situation too, but in my case were only 25 km distance, so I just drove to the company, changed my password and wrote a rant email to my boss and the central IT (but I still was magnitudes nicer than the other guy :laugh: )

                M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.

                • Z ZurdoDev

                  Signed up for a site that had the following password requirements:

                  - Must be 8-16 characters
                  - Must contain at least one number
                  - Must contain at least one lower case letter
                  - Must contain at least one upper case letter
                  - Must contain one of the following special characters: @ # $ % ^ + = * _ . ?
                  - Cannot include a ! or &
                  - Cannot start with a ?
                  - Cannot have same character repeated more than 2 times in a row (e.g. aaa)
                  - Cannot be the same as your user name

                  Very annoying. However, they do not validate the password hint field. I put my password into the hint field and it was accepted. Both the devs and the QAs missed that one. :laugh: :laugh:

                  Social Media - A platform that makes it easier for the crazies to find each other. Everyone is born right handed. Only the strongest overcome it. Fight for left-handed rights and hand equality.

                  Jacquers
                  #24

                  8 Characters? Easy... SnowWhiteAndTheSevenDwarves ;P :laugh:

                    Lost User
                    #25

                    just a test, ignore

                      Daniel Pfeffer
                      #26

                      [Nostromo](https://alienanthology.fandom.com/wiki/USCSS_Nostromo) (7 crew-critters + the ALIEN)

                      Freedom is the freedom to say that two plus two make four. If that is granted, all else follows. -- 6079 Smith W.

                      • W W Balboos GHB

                        Only worried about a hyphen ??? Some of these coding genius' essentially block entire domains - I own a .info domain for well over a decade - and it's rejected (> 3 chars). There are a huge number of domains (just from ICANN). I guess that's the internet and of no concern. Basically, it was bound to happen eventually: the script kiddies are now employed, and employed in places where one might actually run into their opus'.

                        Ravings en masse^

                        "The difference between genius and stupidity is that genius has its limits." - Albert Einstein

                        "If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010

                        GenJerDan
                        #27

                        That's ok. My email sends everything to spam that doesn't end in .com, .net, .org, .mil, or .gov. It doesn't delete them, and I glance at them before deleting. The other TLDs have never been anything other than spam, in my experience.

                        We won't sit down. We won't shut up. We won't go quietly away. YouTube, and My Mu[sic], Films and Windows Programs, etc. and FB

                        • R RDM Jr

                          My employer just recently implemented 2-factor authentication. It took me 18 text messages and over 3 hours to get everything working again, and I'll get to do it monthly. I'm campaigning now for a job number to charge for the time it takes to change my password. It takes 4 text messages to get back into my laptop, Skype, Teams and the corporate intranet, 2 each for the 5 servers I'm responsible for, and another 4 to get my phone authorized. And the passwords have to be 9+ characters, at least 1 number, at least one upper case letter, at least one lower case letter and at least one special character, no more than 2 of any character in a row, and can't match any of your 12 previous passwords. I guess it's just one of the hazards of working for a multinational company based in Europe; my previous employer was pretty much at the other end of the spectrum - the CEO's user id and password were both "chris".

                          jsc42
                          #28

                          RDM Jr wrote:

                          ... get to do it monthly ... and can't match any of your 12 previous passwords ...

                          Those two requirements are so common that they have a very easy fix that I have been using for over 20 years ... Include the first 3 chars of the month name. It is not perfect, but when one does not use machines at weekends or whilst on holiday, the 31 day months are compensated by extra no-work days.

                          • S Slacker007

                            I personally do not mind the lengthy requirements for passwords. It beats the alternative, IMHO.

                            Rage
                            #29

                            No !! Passphrases are muuuuuch better than any of these BS requirements. Correct horse battery stables !! My passwords are actually all capitals with minimum 24 chars and non-dictionary words. Good luck to beat this with a complicated 8 char with capital and symbol.

                            Do not escape reality : improve reality !

                              Rage
                              #30

                              Well, if you want to be fully compliant...[^]

                              Do not escape reality : improve reality !

                                ZurdoDev
                                #31

                                And yourself would make 9. :rolleyes: :-D

                                Social Media - A platform that makes it easier for the crazies to find each other. Everyone is born right handed. Only the strongest overcome it. Fight for left-handed rights and hand equality.

                                  RDM Jr
                                  #32

                                  That's exactly why they made it your previous 12 passwords, so that when January rolls around you can't go back to your previous January one, etc. I suppose you could do something like YYmmm for a prefix or suffix.

                                    obermd
                                    #33

                                    Must be a bank.

                                      obermd
                                      #34

                                      Obligatory xkcd: [xkcd: Password Strength](https://xkcd.com/936/)
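
The password rules ZurdoDev lists earlier in the thread, together with the check the hint field was missing, as an added example that is not code from the site or from any poster. The function names, the `min_run` threshold and the sample values are assumptions made for illustration.

```python
import re

SPECIALS = "@#$%^+=*_.?"   # allowed special characters, as listed in the post
FORBIDDEN = "!&"           # characters the site rejected


def policy_violations(password, username):
    """Return every rule from the post that `password` breaks (empty list = accepted)."""
    problems = []
    if not 8 <= len(password) <= 16:
        problems.append("length must be 8-16")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c.islower() for c in password):
        problems.append("needs a lower case letter")
    if not any(c.isupper() for c in password):
        problems.append("needs an upper case letter")
    if not any(c in SPECIALS for c in password):
        problems.append("needs one of " + SPECIALS)
    if any(c in FORBIDDEN for c in password):
        problems.append("cannot include ! or &")
    if password.startswith("?"):
        problems.append("cannot start with ?")
    if re.search(r"(.)\1\1", password, re.DOTALL):   # e.g. "aaa"
        problems.append("same character more than 2 times in a row")
    if password.casefold() == username.casefold():
        problems.append("cannot be the same as the user name")
    return problems


def _squash(text):
    """Casefold and keep only letters and digits, so 'P a-s s' compares equal to 'pass'."""
    return "".join(c for c in text.casefold() if c.isalnum())


def hint_leaks_password(password, hint, min_run=5):
    """True if the hint gives the password away: verbatim, reversed, or sharing
    a run of at least `min_run` letters/digits with it (assumed threshold)."""
    if password in hint or password[::-1] in hint:
        return True
    pw, h = _squash(password), _squash(hint)
    if len(pw) < min_run:
        return bool(pw) and pw in h
    return any(pw[i:i + min_run] in h for i in range(len(pw) - min_run + 1))


def check_signup(username, password, hint):
    """Apply the password rules and the hint check the site in the post lacked."""
    problems = policy_violations(password, username)
    if hint_leaks_password(password, hint):
        problems.append("hint reveals the password")
    return problems


if __name__ == "__main__":
    # Constructed sample sign-ups, not taken from any real account.
    samples = [
        ("zdev", "Tr1cky#Pass9", "Tr1cky#Pass9"),            # password pasted into hint
        ("zdev", "Tr1cky#Pass9", "t r 1 c k y then pass nine"),
        ("zdev", "Tr1cky#Pass9", "name of my first pet"),
        ("zdev", "SnowWhiteAndTheSevenDwarves", ""),         # passphrase from the thread
    ]
    for user, pw, hint in samples:
        print(repr(pw), repr(hint), "->", check_signup(user, pw, hint) or "accepted")
```

The hint check has to run at sign-up or password change, while the plaintext is still in hand; once only a hash of the password is stored, the comparison can no longer be made.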
