At last - a strong yet memorable password method

We had this, and due to the problems you’ve mentioned, we were told that we had to have a memorable password and to add the number of the month at the end. So, ‘mypassword01’, then changed to ‘mypassword02’, etc.

I’m wondering how many Dopers have “14KofGinaFPD” as a password now…

A good method when you need numbers and letters: chemical formulas.

Thus, in your notebook you write: “password: sulfuric acid”, and even if someone intended to do mischief, 99% wouldn’t think “H2SO4”.

I usually pick some item in my office and use that along with some number substitution to create a password. Like, if there were one here, a blue ashtray would become Blu3Ashtray for a password. I can generally remember the chosen item and I make the substitution with the obvious letter/numbers.

Being a combined word phrase it seems like it would be pretty secure to me. Of course I’m not an IT person so I’m really not sure.

Easy to correct. Have the IT people write Internet posts about romantic attachment to sheep, and they’ll never leave their computers unattended again!

I’ll bet Hal hasn’t forgotten to log off since.

My work computer requires a password change every 90 days.
(at least 8 characters, alpha and numerical, upper and lower case).

My last 8 passwords have been:
Dec2009
Sep2009
Jun2009
Mar2009
Dec2008
Sep2008
Jun2008
Mar2008

Same thing where I work: new passwords for everything every 60 days, no repetitions within the last 50 passwords IIRC, and you have to have letters, numbers, and non-alphanumerics in every password. Plus some of the passwords require at least one uppercase letter.

So I’ve joined the ranks of those who write some of their less frequently used passwords on stickies and put them in the desk drawer. I figure that that’s what the security people must want me to do.

They have the tradition here of messing with the offender’s computer desktop, such as rotating it 180 degrees or changing the wallpaper to something embarrassing. The ensuing public heckling seems to do the trick.

Probably wouldn’t be too secure for me—I’m in the pharmaceutical industry and 3/4 of the folks around here are chemists.

Of course, it would be kind of cool if they wrote down their passwords like this:

Password: (RS)-2-(4-(2-methylpropyl)phenyl)propanoic acid

(translation: C13H18O2, a.k.a. Ibuprofen)

The method has been recommended by security experts for years. I’ve used song lyrics, lines from poetry, etc. I’ve also used versions of names of aliens from science fiction, since they aren’t in most dictionary attacks.

Also, start the password with a punctuation mark (some are illegal characters, but there are still many you can use). If the password is !Ido1wC (! I’m dreaming of 1 white Christmas), it’s pretty secure.

All well and good until the person who wants to get into your computer was a whiz in high school chemistry.

I know that hacker lists will also contain words with the letters replaced by similar looking numbers - but only if the words are real words!

So let’s say I’m a big fan of a semi-obscure band called Johnny Flynn and the Sussex Wit (which is a fact), I could make my password 5u553xw1t and I think it would be easy to remember and hard to guess. This is what I have done for a couple of places where I needed my password to be especially secure - though for a different band of course.

WA3PWHNBIMK?

Hack away.

Shit, there goes MY day.

We’ve recently had something like this introduced - the criteria are >8 characters, must contain at least three out of the four categories of lower case, upper case, numbers, symbols, expires after 90 days and no repeats of the last 24 passwords.

At the time, I was working in IT support, co-located with customers - the password policy was rolled out gradually, so we had a steady stream of double walk-in calls from confused users:

-First time they walked in, they just wanted someone to explain the password criteria - then they went off to change their password.

-Then they would come back saying it’s not working. Usually this was just because they had failed to understand the instructions, or because they were not typing the password the same in both of the boxes required to confirm it.

Invariably, seeking vindication, they would end up writing their password down on a piece of paper and calling several colleagues over to witness them typing it in.

So much for strong passwords.

We used to have mandatory password and password changes too, but they got rid of the requirement. There are only four computers in our organization that have any data on them that would be considered “sensitive” and those computers are secured through all sorts of means. IT got tired of having to help everyone else who routinely forgot their passwords. Everything is still password protected, but we don’t need to change it regularly.

Despite my advice above, my work network requires a password change every 30 days (I deal with approximately 20 passwords here, so changing one of them really pisses me off). IT are fucking eejits, placing procedure above convenience and human behaviour, and will not alter their thinking. Most people go the post-it route, but I go with (a variation on) “annoyingfuckers1” “annoyingfuckers2” etc.
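An added check (my own example, not code from any poster or their employer’s IT department) that applies the composition rule quoted earlier in the thread (more than 8 characters, at least three of the four character classes) and then does what that rule cannot: it reduces each password to its non-rotating stem and compares it with the password history, so that ‘mypassword01’ to ‘mypassword02’, ‘Dec2008’ to ‘Mar2009’ and ‘annoyingfuckers1’ to ‘annoyingfuckers2’ are flagged as rotations rather than new passwords. The sample inputs are the ones quoted in the posts above; the stem rules are an assumption of mine, covering only the patterns this thread mentions.

```python
import re

MONTHS = "jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec"
_MONTH_YEAR = re.compile(rf"(?:{MONTHS})\d{{4}}", re.IGNORECASE)


def meets_composition(pw: str) -> bool:
    """Composition rule from the thread: >8 chars and 3 of 4 classes."""
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) > 8 and sum(classes) >= 3


def stem(pw: str) -> str:
    """Strip the rotating part so history comparison sees the stable core.

    Assumed rules (only the patterns this thread describes):
      - a bare month+year token ("Dec2009") collapses to one placeholder,
        so every quarter's date password has the same stem;
      - a trailing run of digits ("mypassword02", "annoyingfuckers2") is
        dropped, so bumping the counter does not yield a new stem.
    """
    s = pw.lower()
    if _MONTH_YEAR.fullmatch(s):
        return "<month><year>"
    return re.sub(r"\d+$", "", s)


def is_predictable_rotation(new_pw: str, history: list) -> bool:
    """True when new_pw is a previous password with only the counter/date bumped."""
    return stem(new_pw) in {stem(old) for old in history}


def evaluate(new_pw: str, history: list) -> dict:
    """Verdict a password-change handler could return for the user."""
    return {
        "composition_ok": meets_composition(new_pw),
        "rotation_of_old": is_predictable_rotation(new_pw, history),
    }


if __name__ == "__main__":
    # Constructed history: the quarterly date passwords listed in the thread.
    print(evaluate("Mar2009", ["Dec2008", "Sep2008"]))
    print(evaluate("Mypassword02", ["Mypassword01"]))
```

Composition checks alone pass ‘Mypassword02’, which is exactly why the stem comparison is the part that catches the habit the posters describe.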

Eh, so don’t write it down. A chemical formula is still easier to memorize than a random string of numbers and letters.

Or, for sulfuric acid, your clue could be “Poor Suzy drank it”.

I just make an equation about something that is going on in my life. We change passwords every 90 days and the last one came up right after I watched Office Space so my password was 1Mil+me=2chicks. The hardest thing was not telling anyone since I laughed almost every time I signed in.

That sounds good, but if your iPhone dies, gets lost or stolen, or you just plain forget it for a day, are you locked out of every single computer and Web site?