your password requirements are hurting your member signup

[Jamisjockey]

I reset your password.  Six cap letters, seventy seven lower case, nine digits, and fifteen symbols.  Good luck.

[Jim147]

I reset your password.  Six cap letters, seventy seven lower case, nine digits, and fifteen symbols.  Good luck.

And Apple still said it wasn't secure enough.

jim

[Scout26]

[Perd Hapley]

Yeah, we should change the password thing, so we can have hordes of members.

That would be awesome.


(not really)

[RocketMan]

I bought this computer used, and never deleted the cookies from the original owner. I don't even belong to this forum, but I get logged in automatically. Now I'm a moderator. Go figure.

Why doesn't that surprise me?  

[KD5NRH]

They lecture us on computer security all the time, but the more difficult you make the password requirements, the more people will just write them down defeating the purpose of beefed up security.

This.  When I worked security, it was always fairly easy to get access to the systems with the toughest password requirements.  All you had to do was pick the cubicle of someone with access and check the half dozen most common places to put a sticky note full of passwords.  On the rare occasion that fails, go into IT and start checking printouts taped to the backs of keyboards and undersides of drawers.  Systems that would accept pretty much any string of characters and not require more than one change per year were much tougher, since the users had their passwords memorized.

The truly priceless ones had KeePass or similar running on the computer, and the master password for it on a sticky note under the keyboard.

[French G.]

And change your password every 90 days as well as get locked out and have to supply all of your PII over non-secure lines if you don't use a particular web application every 30 days. Gov't IT at its finest. Coming soon to a healthcare near you.

[lupinus]

And heaven forbid you use any of the last fifty weird ass combos you had to think up

[mtnbkr]

Should add I guess they made it too idiot proof.

Not enough, you made it in. :D

Chris

[230RN]

This.  When I worked security, it was always fairly easy to get access to the systems with the toughest password requirements.  All you had to do was pick the cubicle of someone with access and check the half dozen most common places to put a sticky note full of passwords.  On the rare occasion that fails, go into IT and start checking printouts taped to the backs of keyboards and undersides of drawers.  Systems that would accept pretty much any string of characters and not require more than one change per year were much tougher, since the users had their passwords memorized.

After one of those massive security flaps I faked out the IT floor person by posting a great big sign on the wall behind my monitor with the word "PASSWORDS" in big letters and a bunch of fake passwords to the individual components of what-I-was-doing.  You shoulda seen his "What the hell is that?" reaction.

Mild not-in-writing rebuke from my manager.  "Quit kidding around like that, Terry."

[Brad Johnson]

Guy I used to work with kept his passwords in plain sight.  Only they didn't look like passwords.  He used innocuous notes and self-help phrases posted around his cubicle, stuff like "Mower service due on.." and "Acceptable Providers: Blah, Blah", or "Life is like a box of chocolates...".  Using a number/letter skipping convention he kept to himself, these innocent little nothings represented all his passwords.  I thought is was brilliant.  He didn't clue me in on it until well after we'd become close friends, and even then he didn't let on to what the secret formula was.

Brad

[230RN]

^  Very clever.  Not unlike the code where two communicants have a copy of the same book and simply find the words they need in it and transmit pages, paragraphs, line numbers, and word numbers to send messages.

Thus,
173 2 7 4   means page 173, paragraph 2, line 7, word 4

and so on.  One can even select individual letters and punctuation from the text.

173 2 7 4 2 is the second letter in that word, thereby varying the length of the code set.

Message closes by sending the title of the next book to use --or a newspaper article or whatever.

Some initial in the clear FTF communication is needed to specify the first book or article or website or whatever.

"Pierre has a long moustache.  Pierre has a long moustache." :)

[Tallpine]

I bought this computer used, and never deleted the cookies from the original owner. I don't even belong to this forum, but I get logged in automatically. Now I'm a moderator. Go figure.

We always knew that you were walking in somebody else's moccassins 

[K Frame]

I use patterns on the keyboard.

A r 4 space 34 + full

That isn't a password, it's the mnemonic that tells me EXACTLY what pattern, what keys and how many total characters there should be in the password for that system.

The phrase above?

18 total characters and covering all the big security requirements.

[KD5NRH]

Using a number/letter skipping convention he kept to himself, these innocent little nothings represented all his passwords.

I used something similar for a while when we had several systems to deal with and it was considered a huge security violation to use the same password on any of them.  After a while, though, I figured out that their "tech" wasn't bright enough to compare the password files and find out if anyone was ignoring the rule.

Mostly, when I want something really secure, I go random and encrypt a copy to myself with my PGP key and long-but-very-well-committed-to-memory passphrase.

[RevDisk]

This.  When I worked security, it was always fairly easy to get access to the systems with the toughest password requirements.  All you had to do was pick the cubicle of someone with access and check the half dozen most common places to put a sticky note full of passwords.  On the rare occasion that fails, go into IT and start checking printouts taped to the backs of keyboards and undersides of drawers.  Systems that would accept pretty much any string of characters and not require more than one change per year were much tougher, since the users had their passwords memorized.

The truly priceless ones had KeePass or similar running on the computer, and the master password for it on a sticky note under the keyboard.

I think I just had an aneurysm. The KeePass one makes me want to weep. We use it. I told the other two persons that know the passphrase I will break their fingers if they ever write it down, on paper or electronically.

The paper thing is not so bad, but I tell users to keep the paper in their wallet. If they lose their wallet, add us to the list of folks to also notify. Password vault on their smartphone is even better, as we can remote wipe.

Also, think the OP is possibly gunkid?

[MechAg94]

Guy I used to work with kept his passwords in plain sight.  Only they didn't look like passwords.  He used innocuous notes and self-help phrases posted around his cubicle, stuff like "Mower service due on.." and "Acceptable Providers: Blah, Blah", or "Life is like a box of chocolates...".  Using a number/letter skipping convention he kept to himself, these innocent little nothings represented all his passwords.  I thought is was brilliant.  He didn't clue me in on it until well after we'd become close friends, and even then he didn't let on to what the secret formula was.

Brad

That sounds way too complicated.  We have to change out passwords quarterly I think.  I'd hate to revise that all the time. 

My favorite is to pick something I own and my password is something like Ford.f150.  That usually satisfies the capital letter and symbol requriement though I have come across one system that wouldn't accept a period as a symbol.  It also means my next several passwords will be Ford.f155 and so one until I get tired of it.  I usally try to vary something so it isn't too obvious.  Everyone knows what I drive so I wouldn't typically use that one.

[KD5NRH]

The paper thing is not so bad, but I tell users to keep the paper in their wallet. If they lose their wallet, add us to the list of folks to also notify. Password vault on their smartphone is even better, as we can remote wipe.

Heck, we had the ones that would text the password to their phone so they wouldn't lose it, then leave the phone (with no lock code) laying out on their desk over a long weekend.  They also ditched a bunch of PalmOS devices (fairly random assortment purchased over a couple of years, and replaced by smartphones as soon as they got a good deal) in various boxes just shoved aside, (I was told it was more or less an unwritten "if you want one, take one" arrangement, but very few people wanted them.  It was between the rise of the smartphone and the fall of eink reader prices, so the few takers were getting the B&W devices with decent battery life.) and in going through them to look for any good apps or extra charging cradles for my m130, I found at least a dozen password lists completely unsecured.

Also, think the OP is possibly gunkid?

Could be.  Seems relatively tame, though.

[Brad Johnson]

That sounds way too complicated.  We have to change out passwords quarterly I think.  I'd hate to revise that all the time. 

It was actually one of the most uncomplicated systems I've ever seen used.  It was one system applied to any phrase, saying, or misc text string.  Could be anything from a bumper sticker to Beowulf, or anything in between.  And the phraseology source was hung in plain sight.  New motivational poster, new password.

Brad

[KD5NRH]

It was actually one of the most uncomplicated systems I've ever seen used.  It was one system applied to any phrase, saying, or misc text string.  Could be anything from a bumper sticker to Beowulf, or anything in between.  And the phraseology source was hung in plain sight.  New motivational poster, new password.

Back when I could ROT13 in my head at about half regular reading speed, I made a lot of passwords that way.

[Perd Hapley]

I have a couple of passwords that are just sentences - sentences that I remember, but no one else would think of.

There is probably a limit to how many such sentences a person would remember correctly, though.

[roo_ster]

I must admit I have gotten jaded as the password requirements have gotten batshinola crazy. 

I think the most demanding thus far is 14+ characters, 2 upper case, 2 lower case, 1 numeric, and 1 special character  No periods or dashes or spaces for the spec char, though. 

[Balog]

I must admit I have gotten jaded as the password requirements have gotten batshinola crazy. 

I think the most demanding thus far is 14+ characters, 2 upper case, 2 lower case, 1 numeric, and 1 special character  No periods or dashes or spaces for the spec char, though. 

Good Lord. Just turn on two factor ID already...

[p12]

My password is always 4-6 key letters and numbers the first 4 letters of the website or business and a number or character sequence. The only parts that are different are the website name

[K Frame]

I guess the OP was so daunted by the password that he couldn't remember it once he posted.

I bet we'll never see him again.