The security folks at the company are once again pushing the concept of strong passwords out to the masses. I.e.,
Use “letter substitution” to create strong passwords: Special characters (@!$&#) and numbers can be used to replace letters. For example, the number one can be used to replace the letter “i”. The dollar sign ($) can be used to replace the letter “s”.
The word “password” can be changed to “pa$$w0rD”.
The word “construct” can be changed to “C0n$truct”.
The word “elevators” can be changed to “el3v@tors”.
Use compound words to create strong passwords: Compound words that we use every day are easy to remember. Spice them up with numbers and special characters. Also, misspell one or both of the words and you’ll get a great password.
The word “doghouse” can be changed to “d@wgh0wz”.
The word “ladybugs” can be changed to “LADYbug$”.
The words “tuna fish” can be changed to “t00naFish”.
Use a phrase to create a strong password: Using the first letter or the first few letters of each word in a poem, song, or phrase can also help construct a good password.
The phrase “Jack and Jill went up the hill to?” can be changed to “J&Jwuth2”.
The phrase “I love rock and roll” can be changed to “il0veR&R”.
The phrase “Company core value – People are our greatest asset” can be changed to “ccvP@0ga”.
Which is all very clever and very nice, except …
… who the hell is going to actually remember that? Especially if you’re also recommended to create a completely different one every 90 days?
And all those special characters not only make it a lot more likely you’re going to misspell your password, they’re also going to make you type it a lot … more … slowly … which means that anyone watching you is going to figure it out.
I do have an appreciation for security, and for why the security folks like all these things. Heck, I used to oversee the IT security group. But, reality check? People aren’t going to do it, and if they do, it’s going to be a huge PITA. Which just makes people roll their eyes at the next IT security measure.
Make it too difficult to remember and you end up with silly passwords where all the user does is iterate a single number or letter, or they write their passwords on Post-Its and stick them to their monitors.
At some point, strong password security actually causes the opposite effect of what you’re out to cause.
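As an added example (not from the post or the memo it quotes), a defender-side audit in Python that builds the memo’s phrase-based passwords and undoes its letter substitutions before a dictionary lookup, since a substituted dictionary word is still a dictionary word to anyone who knows the substitution table. The substitution map and the tiny word list are my own constructions based on the memo’s examples.

```python
import re

# Letter substitutions the memo recommends, reversed (constructed from
# the memo's own examples: 1->i, $->s, 0->o, @->a, 3->e, &->and).
UNLEET = {"1": "i", "0": "o", "3": "e", "@": "a", "$": "s", "&": "and"}

# Constructed stand-in for a real blocklist/wordlist.
DICTIONARY = {"password", "construct", "elevators", "doghouse",
              "ladybugs", "tunafish"}


def normalize(candidate: str) -> str:
    """Undo the memo's substitutions and case changes to recover the base word."""
    return "".join(UNLEET.get(ch, ch) for ch in candidate).lower()


def acronym(phrase: str) -> str:
    """Memo rule 3: first letter of each word, with 'and' -> '&' and 'to' -> '2'."""
    pieces = []
    for word in re.findall(r"[A-Za-z]+", phrase):
        low = word.lower()
        if low == "and":
            pieces.append("&")
        elif low == "to":
            pieces.append("2")
        else:
            pieces.append(word[0])
    return "".join(pieces)


def char_classes(pw: str) -> int:
    """Count of the four usual classes present: upper, lower, digit, special."""
    patterns = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(bool(re.search(p, pw)) for p in patterns)


def audit(candidate: str) -> dict:
    """Report what a class-counting policy sees versus what a wordlist sees."""
    base = normalize(candidate)
    return {
        "classes": char_classes(candidate),   # passes a 4-class rule?
        "base": base,                         # what the substitutions hid
        "dictionary_word": base in DICTIONARY,
    }
```

The memo’s “pa$$w0rD” satisfies all four character classes yet normalizes straight back to “password”, while the deliberately misspelled “d@wgh0wz” does not map to a word, which is the one part of the memo’s advice the lookup cannot undo.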
Yep…
Which is what they figured out at the Flats.
Every 90 days they reset your passwords. You had to go to the secure site to find out what your password was … and then everyone wrote them down on post-it notes since the passwords were 12 characters of gibberish.
When the OpSec folks went to do security audits they found all the passwords and a huge brouhaha ensued.
It was decided that it would be better to allow folks to choose their own, and make it so that the same password could be used for several different systems. So we went from 8 passwords to 2 that people could remember.
The next time the OpSec folks went around they found only one or two passwords … for a site that had 10,000 people.
Where I work they’ve adopted every password guideline known to man, force you to change every 90 days, can’t re-use a password for a year, and have the computer enforce the rules. The result is most definitely passwords on scraps of paper; some people just don’t think things through.
I know I shouldn’t, but I have the same two or three passwords for just about every website and system that requires them. I’d start changing them, but I doubt I’d ever get them all. And I like my password!
We have to change our passwords every 30 days, cannot use the same password twice in one year, and have to have a minimum of 8 characters which must contain all 4 types of characters, which are capital letters, lowercase letters, numbers, and special characters.
Needless to say, it is not a fun thing.
The memory load for keeping track of all the usernames and passwords one needs these days is pretty high, and the need to change the passwords frequently makes the memory load even higher. Different usernames and password policies at different places make the cognitive load even greater for people who work at more than one job, as I do. It makes me wonder if biometric security is a better way to handle security and access.
I think biometrics are going to have to be the way to do these things, but that opens a whole new set of issues.