Password Requirements are Non-Negotiable

This topic is closed.
  • #16
    In the Navy we had interesting rules for passwords. I don't remember the actual minimum character length but we had to have a mix of capital & lower case letters, numbers, and symbols in the password.

    On my second ship we also had special software we used to try cracking passwords. If the software cracked your password you had to change it. The system won't let you reuse an old password but... if the admin does it for you then that's fine. It's not recommended but you won't get punished for it by the command.

    Although I have seen a couple of Navy systems that also check to make sure you're not just tacking on an extra character to your old password. So if you used say password1 the system won't let you use password11 and might not even let you use password2 either.


    But the real problem I have these days is that... many systems don't like my classic military passwords. Not because they're recycled passwords (the system can't check my navy passwords after all) but because... they're too complex.

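    A sketch of the "not just tacking on an extra character" check described in post #16, as an added example that is not from the thread or from any Navy system. The function names and the `min_distance` threshold of 3 are assumptions; the check runs at change time, when the user has just typed both the current and the new password.

```python
import re


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def stem(pw: str) -> str:
    """Case-fold and drop the trailing run of digits/symbols (the 'counter')."""
    return re.sub(r"[\d\W_]+$", "", pw.casefold())


def too_similar(old: str, new: str, min_distance: int = 3) -> bool:
    """Reject a new password that is a trivial variation of the old one.

    Needs both plaintexts, so it can only run while the user is
    changing the password; stored hashes cannot be compared this way.
    min_distance is a hypothetical policy value.
    """
    old_stem, new_stem = stem(old), stem(new)
    # password1 -> password11 / password2 / Password1! share one stem.
    if old_stem and old_stem == new_stem:
        return True
    # Catch small edits elsewhere in the string as well.
    return edit_distance(old.casefold(), new.casefold()) < min_distance


if __name__ == "__main__":
    # Constructed sample inputs, using the passwords named in the post.
    for candidate in ("password11", "password2", "Password1!",
                      "correct horse battery staple"):
        verdict = "reject" if too_similar("password1", candidate) else "accept"
        print(f"{candidate!r}: {verdict}")
```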


    • #17
      Quoth Jay 2K Winger
      Also something that can get you fired.
      So enter it right to left. Or start X digits from the left, go to the end and wrap around. It won't match any number on file at $EMPLOYER that way. (And if it does, then I salute your password security.)

      Problem with overly complex passwords is, if they're impossible to remember, they're going to get written down. Maybe not on the classic sticky-note-on-the-monitor, but somewhere on the person of the employee; perhaps in his wallet or stored in his smartphone, whatever. Then what happens if the employee is mugged for his access? (If your employer is as paranoid as all that, the chances are that the data they're protecting is worth criminals going after employees for it. Of course in that scenario, if they're gonna mug someone anyway, they could use various methods to extract it from him even if it's not written down.)



      • #18
        Quoth Shalom
        Of course in that scenario, if they're gonna mug someone anyway, they could use various methods to extract it from him even if it's not written down.)
        Years ago another contractor installed retina scan readers for access control at a local prison...

        My first thought was "You'd better prove to the residents that a freshly scooped eye won't work!"
        I am not an a**hole. I am a hemorrhoid. I irritate a**holes!
        Procrastination: Forward planning to insure there is something to do tomorrow.
        Derails threads faster than a pocket nuke.



        • #19
          Quoth Shalom
          Problem with overly complex passwords is, if they're impossible to remember, they're going to get written down.
          Not mine. I have a system for remembering my passwords. And yes, I'll use some 1337-tification to mix in some numbers as well.

          But good luck trying to run through a dictionary to get mine. I use words from a made-up language from a story I once started writing, and even borrowed some names from it as well. (And those names are hardly normal in the slightest.)

          I'm a sneaky bastard.
          PWNADE(TM) - Serve up a glass today! | PWNZER - An act of pwnage so awesome, it's like the victim got hit by a tank.

          There are only Four Horsemen of the Apocalypse because I choose to walk!



          • #20
            If I need a complex password, I use a block of random text (numbers, caps, and special characters included) I keep in a notebook. I then pick a four digit number as a passkey. As I use it, each digit tells me how many letters to skip in the block before putting in the next letter as part of the code. When you have the needed number of letters, I jot the length down behind the original four digits so now it looks like a six digit code. The block text stays at work, the six digit codes go in my wallet, and the generated code (or copies of the block text and codes numbers) goes home with me to my locked fire safe in case the text block or six digit code gets lost/destroyed.

            You may need to modify this based on security allowances and situation, but it is hard as hell to work out the password from this system unless you know what the passkey stands for.

            Other useful mods to this method:
            -add a decoy first number that is only used to tell you how many lines down to start in the text block
            -use more digits in the passkey digits.
            -Use hexadecimal in your passkey to make it look like it is the password.
            The Rich keep getting richer because they keep doing what it was that made them rich. Ditto the Poor.
            "Hy kan tell dey is schmot qvestions, dey is makink my head hurt."
            Hoc spatio locantur.



            • #21
              Quoth dalesys
              Years ago another contractor installed retina scan readers for access control at a local prison...

              My first thought was "You'd better prove to the residents that a freshly scooped eye won't work!"
              There was one place my dad used to work at. They had hand scanners for entry.

              The security people casually noted that a severed hand wouldn't pass the scanner, because the size and shape of the hand would change due to being drained of blood.



              • #22
                Just wanted to note that xkcd just covered this topic.

                http://xkcd.com/936/

                Yay passphrases.



                • #23
                  Aww nuts, I was just going to post that.
                  I AM the evil bastard!
                  A+ Certified IT Technician
