Sunday, March 7, 2010

Password Foo

I seem to spend my life changing passwords. If it isn’t my own, then it is all those I deal with at work. I spend part of every day resetting passwords. The best part of it is the folks who ask why their password has been changed. That’s when I have to bite my tongue. People forget their passwords, but they can’t admit that they forgot. Actually, I think some of them honestly believe that they remember it correctly.

Passwords don’t change on their own.

Remember that the next time you think you remember a password correctly, but it doesn’t work. A computer is less likely to forget a password than a human. There is no secret army of password changers out there. The funniest part is that it is the same people over and over again who claim that they remember their password, it just doesn’t work.

No. You forgot it again.

But that is only part of my password annoyance. The problem is all the various password rules. We only use about a dozen different systems at work and quite a number of them have different rules for the passwords. Some want only 8 letters, no more, no less. Some want a capital letter, others a special character (# & - *), others want a number. It gets so confusing I want to scream.

It gets worse away from work. So many passwords on so many sites, and each one has what they think is the right way to make a secure password. Not only do they have the same rules that I mentioned above, but some don’t want you to use a special character. Six character minimums, eight character minimums…it’s enough to drive you nuts.

Someone needs to publish the Ultimate Password Rules, and since no one seems to want the job, here goes.

  1. Passwords must be at least 8 characters long. All you six character password people must get with the program.

  2. Passwords must have at least one of each of the following:

    • Uppercase letter
    • Lowercase letter
    • Number
    • Special character, ~!@#$%^&*()_+`-=[]\{}<>/

    Yes, I put in all the weird rules. If you cannot agree on which ones are best, then we will just have to include them all.

  3. Passwords do not need to be changed more often than every 90 days.

  4. Past passwords should only be remembered to the number of 6. It’s hard enough on people to come up with 6; 10 is just plain cruelty.

  5. Password rules will not include idiotic rules about repeat characters, except for 3 repeated characters in a row, or more than two sets of repeated characters in one password.
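Here is what those five rules look like as a checker, added to this post as an example and not something the original author wrote. It applies rules 1, 2, 4 and 5 to a candidate password and rule 3 to the password's age; reading "sets of repeated characters" as runs of two or more identical consecutive characters is an assumption.

```python
from itertools import groupby

# Rule 2's special-character list, copied as given above.
SPECIALS = set("~!@#$%^&*()_+`-=[]\\{}<>/")
MIN_LENGTH = 8        # rule 1
HISTORY_DEPTH = 6     # rule 4
MAX_AGE_DAYS = 90     # rule 3


def repeat_runs(pw):
    """Lengths of every run of two or more identical consecutive characters."""
    runs = []
    for _, group in groupby(pw):
        n = sum(1 for _ in group)
        if n >= 2:
            runs.append(n)
    return runs


def check_password(pw, history=()):
    """Return the list of rule violations; an empty list means the password passes.

    `history` is the user's previous passwords, oldest first; only the most
    recent HISTORY_DEPTH entries are compared (rule 4).
    """
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("rule 1: shorter than 8 characters")
    if not any(c.isupper() for c in pw):
        problems.append("rule 2: no uppercase letter")
    if not any(c.islower() for c in pw):
        problems.append("rule 2: no lowercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("rule 2: no number")
    if not any(c in SPECIALS for c in pw):
        problems.append("rule 2: no special character")
    if pw in tuple(history)[-HISTORY_DEPTH:]:
        problems.append("rule 4: reused one of the last 6 passwords")
    runs = repeat_runs(pw)
    if any(n >= 3 for n in runs):
        problems.append("rule 5: 3 or more identical characters in a row")
    if len(runs) > 2:
        problems.append("rule 5: more than two sets of repeated characters")
    return problems


def must_change(age_days):
    """Rule 3: a password is not forced to change before it is 90 days old."""
    return age_days >= MAX_AGE_DAYS
```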

Okay, I think that is enough for those who have to create password rules, now for a few rules for all of us about our passwords.

  1. Don’t use the same password everywhere. It is stupid, and it can lead to someone being able to access virtually every account that you have.

  2. It’s okay to sync all your passwords, if they all expire, or if you change them when one of them expires. Even if your passwords are weak, they get stronger when they change regularly.

  3. Don’t add a 1 to change a password. I’ve been guilty of this one too, but it is pretty stupid.

  4. Do change a letter to a number to change passwords. Tower can become T0wer or even 70w3r. If that doesn’t make sense, then ask your kids or grandkids, they can explain it.

  5. Don’t make them easy to remember. That generally makes them easy to guess.

  6. If you write them down, don’t leave them on your desk. If you must write them down, then put them into a small notebook, and carry it with you, and don’t brag about where you keep it.

Well, I’m tired and I need to go change some passwords. Go thou and do likewise.
