Rant on passwords

Having a strong password is good however using the same password for everything not so good.

You could use password manager software if you have trouble remembering them.

But I understand the issue with the specifications websites put on the password. Especially when they don't tell you these things when you get your password wrong and are trying a few of them.

 

The software we use at work is the worst. The password you choose can't be found in the dictionary, or a word found in the dictionary but spelled differently. How hard is that?! I sat there on my first day for fifteen minutes trying to come up with a password and finally gave up and searched for a "password generator." It gave me a password that was something like "utHD9lzq" and I'm just now able to remember it.

 

i just accessed your account using utHD9lzq
i couldn't believe it was your real password

 

I have a series of passwords written on sticky notes that I leave inside the top of a drawer next to my PC. When they ask for a password hint I just give the location of the sticker

Get all the passwords from Apples password generator too.

 

I've knocked up an Excel macro to randomly generate passwords of any given length.

 

I know your pain

 

you know whats the worst (although smart) lol is websites that make you change your password every 2 weeks or so and it cant be anything youve used before and the like.

ugh not too cool

 

I can understand a length requirement but limiting symbols? Why? I always use symbols to make it stronger!

 

It's a catch 22. You make no password restrictions, and people will choose passwords like "dog" and "cat" because they're easy to remember and just as easy to guess by a brute-force attack. You add on a bunch of restrictions, and people need to choose a password like "vs(dfjAKCe3r*#(csaMsf9029**&$fde" and since they'll never remember it, they write it down and stick it on a post-it note on their monitor. I guess in your house that's OK, but that's not a good idea in the office. Neither options are secure.

I was talking about this with one of the security guys at my old job, and his recommendation is to choose a short phrase of some sort, maybe 10 or 20 characters, and then do thinks like replace an o with a 0 or an i with a 1 and stuff like that, and then use that as your password. Maybe throw an exclamation point at the end if needed. Seems to work for most sites.

Some of these sites are probably using backend systems so old that they can't handle anything besides alphanumeric characters. It's about time they upgraded their stuff.

 

Automotive license plates.

Its something that you might have memorized anyway and these typically have both letters & numbers ... and if your password system demands upper case, consider adding the two-letter abbreviation for the State that the plate was issued in.

If you're really bad at remembering passwords, consider having your desktop picture be a photo of your car (with the plate visible)



-hh

 

I can see limited special cares in coding. Less information to store.

But passwords do get to me after a while. On of my primary passwords is a foreign word broken up with numbers. Now I do not do the most secure then when I am required to change it every 90 days which is just increase the number by 1. I made my password while I was at school and they put some insane requirements on it. Great password.

My hardest problem is I forget which password I used where.

It is not that hard to make very secure passwords if you know tricks. For example ones like my main password while 9 chars long and alpha numeric is easy to remember but if you do not know it hard to just crack. If you know how I came up with it and how I remember it. Not so good but to some one who does not know me it is not an easy password to crack.