Working on a website, the rules are:
Minimum:8
At least:
1 uppercase
1 lowercase
1 number
1 special character
Cannot contain 3 or more repeating characters
Cannot contain dictionary words
I foresee many written down passwords!
Common sense thinking seems to be to ramp up the minimum length to 15 or so.
Our local admin and ILO admin passwords are minimum 24 chars with various complexity required (so we use randomly generated ones), it gives me a headache trying to log in to systems (every server has to have a unique password too).
A very long time ago we were allowed to speak to a human for password resets. They often used to reset it to ‘pleasechange1’ or ‘over2you’. To give you an idea of how long, we have to update the password every three months and he is currently on something like 19!
Another system needs a certain combination of characters/numbers and a monthly reset, surprisingly, most people have a 3 letter password and the current month.
We have about 11 passwords and pins just for a basic employee, got one guy with his passwords photocopied out in triplicate with manager and colleagues holding a copy, every few months it all hits the fan and he locks all his accounts!
I must grab one of those password lists some time.
I’d certainly like to see how often MaryHadALittleLamb appears on there with and without the usual letter/number substitutions.
And batterystaple, … and rude words.
I once did a “password audit” at the company I worked for at the time, I think mostly just to see how hard it would be to crack our network passwords. Some were eye-opening; one lass in the office memorably had a password of “bondage69” for instance.
It’s pretty appalling that the company was storing passwords in a readable format. AFAIK even Adobe hashed them!
Not sure if I’ve changed it, but I got so pissed off when trying to set up a Microsoft online account when my kid had an XBox, that the password became: pieceofshit! (with various number and capital replacements). It was so easy to remember!
At last count I needed something like 17 different passcodes and passwords plus 12 different actual physical keys to do my job. The IT department constantly remind us that writing them down is a potential security risk…
At last count I needed something like 17 different passcodes and passwords plus 12 different actual physical keys to do my job.
I was involved briefly and in a minor way with an SSO (single sign on) project in a large hospital a few years ago. The project was supposed to do away with a lot of that.
It was going very, very badly indeed when I left, a poster child for how not to do things. Sell something fundamentally not fit for purpose that the installation techs had never seen before to an organisation institutionally resistant to change and stand back.
I’m not! That’s pretty sloppy coding. If that’s indicative of the quality of the rest of their implementation then I’d be quite worried.
Well Microsoft, Google, Apple, and Samsung can’t release bug free software, hell, even OpenBSD can’t claim zero exploits any more. So what makes you think a small startup will be able to?
And how long would it take those companies to get a fix out?
That’s what postit notes are for. All my client’s passwords are stuck on my monitor…
My gf had to do research for a TV programme about online dating. That meant trying to find people who used online dating sites and asking them if they’d want to take part.
Problem with this was if you set up a profile you only ‘see’ people looking for that age/gender/orientation. So she had to set up dozens and dozens of profiles – male, female, gay, straight, young, old, north, south. Each with a unique login and password. Then numerous burner hotmail accounts for the creeps that kept asking her for blow jobs. Then repeat all those for each dating site, then keep repeating them because sites would think she was contacting too many people and lock her account. She made around 1000 contacts to whittle down to about half a dozen people who’d actually end up being interviewed.
Our office in the spare room looked like that scene where Carrie loses her marbles in Homeland.
I had a dickens of a job trying to set a password for my Oyster card, it kept refusing my suggestions, until I realised that there was a rule regarding a character that wasn’t stated in the list of rules for setting up a password! 🙄
For one memorable password that requires an ever changing choice of three characters from the main password I used the make, model and registration number of an old car, as one continuous word.
Another useful source of non-dictionary words is foreign aboriginal languages, in particular North American, which is very rich in unusual words, some of which have been used as the titles of a series of films with music soundtracks.
Of course, they can be difficult to remember, although repetition will make them easier to remember.