It’s likely the opposite… the password can’t be too similar to ones you’ve used in the past, to prevent mnemonic patterns that help the user (or an attacker) remember the password.
Like, I got frustrated with the draconian uniqueness requirements and started patterning off the date I changed the password, like Jan2011! for example. If I had a brain fart, I’m at most 3 guesses away from guessing my pass.
Granted it’s a security hole and kind of a big middle finger to IT security, but I’m nearly 50 goddamn years old, and it’s either use a pattern, or use some software, or put it on a sticky under my keyboard.
Thank god for modern password management software. I’ve worked for good companies that embrace and mandate them, and I’ve worked for garbage companies that would absolutely shit penguins if they knew how much corporate sensitive info I’ve stored in LastPass because the corporation proscribed every other workable solution.
To use the same phrase others have, that’s batshit insane. I understand needing your password to change from prior passwords; but requirements that it be substantially similar? That’s begging for someone to hack in!
My company is stupid in different ways. We, of course, have different passwords on different systems that have different requirements. One requires a special character; one (older) system can’t have special characters; one requires your password to change by at least x characters.
What I do for that is my passwords would go xxyyJAN21 xxFEB21yy xxyyMAR21 etc. Yeah, enough characters changed at each specific position to satisfy their check.
He says there are history requirements , but no one knows what they are. It may not be a requirement that the new password is similar to prior ones -for one of the systems I use, my new password can’t be the same as any of my last ten passwords. I’m sure that somewhere there’s a system that won’t allow you to use any of your previous passwords or that requires that at least X characters be different than any of your previous passwords.
“Children operating in the pre-school space.”
“You mean…preschoolers?”
lol
That article is ten years old, but the author is absolutely correct. In fact it’s much worse these days IMHO. Because we don’t actually produce food or doorknobs, we have all these layers of middle managers and consultants talking in abstract using this bloated nonsensical language to try and sound as if they are smart or hold some deeper knowledge…
I think Mission Statements, Corporate Visions and strategies are technically a good idea, but just badly implemented in probably a significant majority of cases.
Done properly, corporate mission statement and strategy should be something that individual actions and proposals can be quickly measured against, in order to initially appraise whether they should or should not be done.
For example: at it’s heart. the Hippocratic Oath is just such a thing and whilst it has been superseded by more modern versions of the same idea, it served an important purpose in its time.
I guess the difference is whether the people running the organisation want a slogan to paste on the wall and impress potential customers, or if they want something that actually helps to guide them toward their stated goals.
Agreed. I have seen specifications for passwords that included ‘must not be similar to previous passwords’, without any mechanism to enforce that (owing to the fact that only the hashes were stored) - so the ‘not too similar’ part of the spec was mandatory advice, rather than absolute technical requirement.
To a certain degree. It is positive to have a succinct goal that motivates workers. Impression management of customers also has its place and this is more likely with a brief catchphrase.
The administrators in Canadian hospitals are keen to adopt business buzzwords and practices. The results are similar to my previous posts. Our medical school class had a “mission statement” too. It’s not that the idea is terrible. It is that an unwieldy page of purple prose perhaps poorly proscribes purpose, philosophy or practice patterns.
Our password system has a requirement that no sequence of 3 or characters can be found in the system’s dictionary. So a password like “DogCatPig” will be rejected. They encourage using l33t spellings and substitutions. However, through trial and error, I discovered 5 of George Carlin’s 7 words are not in the dictionary. I get perverse joy in rearranging the order of the same 5 obscenities every 60 days - with some intervening digits and special characters. The ones that don’t work - “tits” and “mother f” (probably because of the “mother” part - but the “sucker” part of CS goes through without a problem)
Well, here’s a (made up) example of the way it was used. Perhaps this will persuade you?
Mary: OK, we need someone to track the pilot manufacturing project. Fred, do you have the bandwidth to do this?
Fred: Sorry Mary, I have real bandwidth issues at the moment.
Mary: I see. Sue - do you have bandwidth at the moment?
Sue: Absolutely Mary - I have plenty of spare bandwidth because the cost minimization exercise has been delayed.
Trep: (Sitting in on the call as consultant, retches silently).
That’s why it’s SOP to require re-entry of your existing password when you change it to a new one (typically, it’s enter the old one once and the new one twice). Using a “similarity” metric is bad practice (and outright impossible if the passwords are hashed as they should be in any competently designed security system), as already explained in tofor’s post.
Since I was issued a new work laptop, they gave me a pw that was 8 letter characters followed by 8 numbers. I eventually remembered it without having to look at my notes. Every time I’ve had to change it, I just add 1 to the number. Haven’t been rejected yet.
My coworker told me he adds an extra * to the end of his each time. I wonder what he’ll do when the character limit is reached.
In one place I worked I spent a lot of time in offsite meetings and even more time on site coming up with mission statements. My observation is that the need for such statements is a red flag. The next place I work didn’t have one, since everyone there knew exactly what our mission was without managers spending lots of valuable time debating it.
A Harvard Business School professor asked me once what the mission of our place was, to be given in a single sentence. I was able to do it. (He asked everyone.) I’d say that it might pay for managers to ask this of lots of workers (and managers) and if they get lots of different answers then start working on defining the mission better. Which may involve broadcasting it, but more likely figuring it out.
I think that’s good, but I think there are a lot of cases where everyone thinks they know the mission, but if you got them to write it down, there would be very widespread disparity. In those case, a mission statement could help, but it has to be a good one. I saw one that was “do what matters”, which sounds great for about 3 seconds, until you realise that everyone probably has a different idea of ‘what matters’ and why.
I’d bet that in cases where there is widespread disparity (probably more than half the cases) there is a mission statement, but it doesn’t align with what really is done.
Kind of like quality statements. I’m sure you’ve heard representatives of companies who have killed customers by cutting corners parroting the “quality is our main goal” statement, where the main goal is to maximize profits. Employees, like kids, see what managers do, not what they say.
Of course mission statements should unite all mankind under a banner of solidarity and compassion, inspiring leaders to come out of the woodwork to triumphantly solve the world’s problems while the lions lie down with the lambs.
But in the rare cases they somehow fail to rectify Weltschmerz, a snappy slogan might still inspire and impress even if, maybe because, it doesn’t mean much at all.
Within an organization, especially a big one, every employee has his/her job description, and that is that employee’s mission statement. When you’re all on one team, each member has his part in make the enterprise a success, from the lowly batboy to the star home-run slugger.
If you ask every employee what the mission statement is, I would expect every employee to give a statement at least somewhat centered on what his job is.
If you asked every employee of the Manhattan Project what the mission statement was, how many different answers would you get?
A single thread in the tapestry,
Though its color brightly shine,
Can never see its purpose
In the pattern of the Grand Design.
Sorry to go off topic, but “Eric” has one of my favourite Pratchett quotes:
“No enemies had ever taken Ankh-Morpork. Well, technically they had, quite often; the city welcomed free-spending barbarian invaders, but somehow the puzzled raiders always found, after a few days, that they didn’t own their own horses any more, and within a couple of months they were just another minority group with its own graffiti and food shops.” ― Terry Pratchett, Eric
But in the rare cases they somehow fail to rectify Weltschmerz , a snappy slogan might still inspire and impress even if, maybe because, it doesn’t mean much at all.
“Acme Widgets - We Rectify Weltschmerz !!”
That’ll get everyone singing from the same hymn sheet…
