Let's talk about passwords, Again. Mk III Mod 7a.


The evergreen topic, because most corporate IT I’ve worked with is now insisting on new passwords every 90 days. And people who use the same password with a rolling number at the end just grate on my nerves. Very smart people, some of them, but misguided.

Our latest requirement is 8 characters (can it be more? It doesn't say it can. Probably. Check it.)

Upper- and lower-case letters, numerals (0-9), punctuation (:,.!(){}[]) and specials, i.e. Shift-Number: !@#$%^&*, etc.

So let's take my birthday, which I have never used for a password, and see what we can do:

October91956 – more than 8 characters, but that’s ok. Needs punctuation or specials or both.

I've read that starting with a capital letter and ending with a 4-digit number are so common that malefactors expect to find them. So let's not give them either.

()ctober9!(%^ – 4 out of 5: no capital letters, but lowers, a numeral, specials and punctuation.

0ct()beRgIgsG isn't bad.

RoktuberIX56 isn’t bad either.

Remember to start with something you'll never forget, whose transformation you can remember, and for which you can write a perfectly understandable plain-text hint and leave it somewhere you can see it any day, without revealing a thing.

“Geologic Birthday” would be good for RoktuberIX56…
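To check a candidate against the policy quoted above, and to flag the leading-capital and trailing-four-digit shapes the post says to avoid, here is an added Python example; it is not code from the original post. The character classes are taken from the post's list (note that "!" appears in both the punctuation and the special sets, as written), and the 8-character requirement is assumed to be a minimum.

```python
import re
import string

# Character classes exactly as the post lists them.
PUNCTUATION = set(":,.!(){}[]")
SPECIAL = set("!@#$%^&*")
MIN_LENGTH = 8  # assumed to be a lower bound, as the post suspects

def class_coverage(pw: str) -> dict:
    """Which of the five required character classes a candidate contains."""
    return {
        "upper": any(c in string.ascii_uppercase for c in pw),
        "lower": any(c in string.ascii_lowercase for c in pw),
        "digit": any(c in string.digits for c in pw),
        "punctuation": any(c in PUNCTUATION for c in pw),
        "special": any(c in SPECIAL for c in pw),
    }

def meets_policy(pw: str) -> bool:
    """True only if the candidate is long enough and hits all five classes."""
    return len(pw) >= MIN_LENGTH and all(class_coverage(pw).values())

def evaluate(pw: str) -> dict:
    """Policy result plus the two common shapes the post warns about."""
    cov = class_coverage(pw)
    return {
        "classes": sum(cov.values()),
        "missing": sorted(k for k, v in cov.items() if not v),
        "long_enough": len(pw) >= MIN_LENGTH,
        "meets_policy": meets_policy(pw),
        # Leading capital letter and four trailing digits are checked
        # separately so each shape can be reported on its own.
        "leading_capital": pw[:1].isupper(),
        "trailing_four_digits": re.search(r"\d{4}$", pw) is not None,
    }

if __name__ == "__main__":
    # The post's own candidates, run through the check.
    for pw in ["October91956", "()ctober9!(%^", "0ct()beRgIgsG", "RoktuberIX56"]:
        print(pw, evaluate(pw))
```

Run as written, it reports October91956 as 3 of 5 with both warned-about shapes, and shows which single class each of the later candidates still lacks.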


2 responses to “Let's talk about passwords, Again. Mk III Mod 7a.”

  1. Eric Lindberg

    http://xkcd.com/936/

    I only recently ran into a site with the requirement to use non-alphanumeric characters AS WELL AS capitals and numerals. Frankly, I only see it as a guarantee that people will need to request their passwords to be reset more often, which is probably just another security hole.

    Personally, I use words from Chinese poetry, alternating with the stroke-count of the character, but I doubt even that is all that secure. (Sounds really impressive, though!)

    • Thanks for the xkcd link, I’m going to share that at work. Two different flavors of non-alpha non-numeric and a minimum of 8 characters is not really going in the right direction. The issue that keeps the character count so low is that people can’t remember and they also can’t touch type. Password entry systems where the last-typed character is left in plain form for a few seconds may be a step in the right direction.
