The security folks at the company are once again pushing the concept of strong passwords out to the masses. I.e., <\/p>\n
Use “letter substitution” to create strong passwords: Special characters (@!$&#) and numbers can be used to replace letters. For example, the number one can be used to replace the letter “i”. The dollar sign ($) can be used to replace the letter “s”.<\/p>\n
The word “password” can be changed to “pa$$w0rD”.
\nThe word “construct” can be changed to “C0n$truct”.
\nThe word “elevators” can be changed to “el3v@tors”. <\/p>\n
Use compound words to create strong passwords: Compound words that we use every day are easy to remember. Spice them up with numbers and special characters. Also, misspell one or both of the words and you’ll get a great password.<\/p>\n
The word “doghouse” can be changed to “d@wgh0wz”.
\nThe word “ladybugs” can be changed to “LADYbug$”
\nThe words “tuna fish” can be changed to “t00naFish” <\/p>\n
Use a phrase to create a strong password: Using the first letter or the first few letters of each word in a poem, song, or phrase can also help construct a good password.<\/p>\n
The phrase “Jack and Jill went up the hill to?” can be changed to “J&Jwuth2”.
\nThe phrase “I love rock and roll” can be changed to “il0veR&R”.
\nThe phrase “Company core value – People are our greatest asset” can be changed to “ccvP@0ga”.<\/p>\n
Which is all very clever and very nice, except …<\/p>\n
… who the hell is going to actually remember that? Especially if you’re also recommended to create a completely different one every 90 days?<\/p>\n
And all those special characters not only make it a lot more likely you’re going to misspell your password, it’s going to make you type it a lot … more … slowly … which means that anyone watching you is going to figure it out.<\/p>\n
I do have an appreciation for security, and for why the security folks like all these things. Heck, I used to oversee the IT security group. But, reality check? People aren’t going to do it, and if they do it it’s going to be a huge PitA. Which just makes people roll their eyes at the next <\/em>IT security measure.<\/p>\n","protected":false},"excerpt":{"rendered":" The security folks at the company are once again pushing the concept of strong passwords out to the masses. I.e., Use “letter substitution” to create strong passwords: Special characters (@!$&#)…<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[21,47],"tags":[],"class_list":["post-9203","post","type-post","status-publish","format-standard","hentry","category-job-jollies","category-my-computer"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":131268,"url":"https:\/\/hill-kleerup.org\/blog\/2016\/08\/13\/passwords-are-better-longer-not-more-complex-or-frequently-changed.html","url_meta":{"origin":9203,"position":0},"title":"Passwords are better longer, not more complex or frequently changed","author":"***Dave","date":"Sat 13-Aug-16 2:52pm","format":false,"excerpt":"And even the government is beginning to recognize that. Which is good news, even if longer passwords make for more opportunity for mistyping.The one thing I'll say about having 60 or 90 day expiries on passwords is that if a password is compromised, that compromise has a limited lifespan. But,\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":41215,"url":"https:\/\/hill-kleerup.org\/blog\/2014\/02\/26\/a-lot-of-tough-passwords-are-not-all-that-tough.html","url_meta":{"origin":9203,"position":1},"title":"A lot of tough passwords are not all that tough","author":"***Dave","date":"Wed 26-Feb-14 2:41pm","format":false,"excerpt":"Cracking programs aren't just using dictionary items, but common letter\/number substitutions, word combinations, and frequently used numeric suffixes and prefixes. And if the cracker has any info about you (esp. stuff from your hard drive), that's all grist for the cracking mill (so your birthday, anniversary date, kid's dates, zip\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":134052,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/08\/07\/password-guidelines-get-a-major-upgrade.html","url_meta":{"origin":9203,"position":2},"title":"Password guidelines get a major upgrade","author":"***Dave","date":"Mon 7-Aug-17 2:42pm","format":false,"excerpt":"The current advice? Stringing words together to make something very long is a lot easier to remember -- and harder to crack, than Ft5!r@lwv3. And because it's easier to remember, you won't take the same shortcuts in making it, or updating it.The new guidelines also do away with the change-ever-90-days\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":36540,"url":"https:\/\/hill-kleerup.org\/blog\/2013\/05\/28\/the-password-is-crackable.html","url_meta":{"origin":9203,"position":3},"title":"The Password Is: "CRACKABLE"","author":"***Dave","date":"Tue 28-May-13 10:24am","format":false,"excerpt":"Yikes.I think a lot of people consider password security about being:1. Something they can easily remember.2. Protection against their colleagues guessing their password, or an ex, or maybe some kid down the street.\u00a03. Protection against someone who's logging into a site and trying to log in, one ID\/password at a\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":41651,"url":"https:\/\/hill-kleerup.org\/blog\/2014\/04\/09\/so-its-time-to-reset-your-password-but-maybe-not-yet.html","url_meta":{"origin":9203,"position":4},"title":"So it's time to reset your password … but maybe not yet","author":"***Dave","date":"Wed 9-Apr-14 3:46pm","format":false,"excerpt":"The Heartbeat bug seems be making a password reset on important websites pretty necessary ... but until the site you're going to actually updates its security, there's not much point in doing so.So stand by for email notifications from your Internet vendors if you need to do something. Though, honestly,\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":28157,"url":"https:\/\/hill-kleerup.org\/blog\/2012\/06\/06\/well-at-last-a-compelling-reason-to-go-to-my-linkedin-profile.html","url_meta":{"origin":9203,"position":5},"title":"Well, at last a compelling reason to go to my LinkedIn profile","author":"***Dave","date":"Wed 6-Jun-12 11:19am","format":false,"excerpt":"To change my password.I've never felt terribly comfortable with LinkedIn -- too much cross-connecting between professional and private lives for me. But this provided me a solid reason to finally go over, do some updates, accept some (aging) invitations, etc. \u00a0I'm sure I'll probably be there again ... sometime this\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/9203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/comments?post=9203"}],"version-history":[{"count":0,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/9203\/revisions"}],"wp:attachment":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/media?parent=9203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/categories?post=9203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/tags?post=9203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}