I use a password generator to make eight character, no numerals, all lowercase pws. Essentially, I changed 'em and waited for them to ask.
As I go about my dreary daily chores, I see them on Post-its stuck to monitors.
:rolleyes:
And that’s what you are probably going to get if you don’t let users generate their own passwords.
My dad created a 24 length case sensitive numbers and character password for the admin account on his home computer. Alls he does with it is surf the net. He doesn’t buy anything over the net, no tax information, nothing is on that box.
24 characters.
He forgot it. Or errrr, screwed it up. Took me a couple of hours to figure out which upper case letter should be lower.
Probably.
The first guess would be pets, second depending upon age of the user, children’s name or grandchildren and third favorite color.
The really challenged use their name, perhaps with a number after it. That may be the safest, depending upon the number of digits they add.
I change it if they email a request. I just need to know what the darn thing is.
Heh. I got tired of using pet names. As we cannot re-use passwords for such and such a time (ran out of pets).
For work, I now take a SQL error code book, open it to a random page, and take the first three letters, the page number and then the last three letters on the page.
Pretty effective way to generate gibberish.
If I forget, all I have to do is remember the page number (or just put a sticky on the page) and my ‘code’.
My password for virtually everything is a word that I made up. It sounds plausible, and it could be in a science-fiction story, but nobody would ever guess it. So I have the best of both worlds: I always know it, and no one else ever does. Plus, it’s 9 letters long, and trivial modifications can be made to add non-alphanumeric characters.
I’m too lazy to check, but SHAKES, I assume that you will not be one of the people piling on the next company that leaks a few million credit card numbers because of lax security?
That’s the same logic that doomed the Space Shuttle Columbia. All it proves is that you’ve been lucky in the past.
My work passwords have to be at least 8 characters, and include at least one of each of the following:
lower case letters
upper case letters
numbers
special characters (!@#$, etc)
Not only that, but the servers use a word checker to make sure that you’re not making a password out of a real word. If three or more consecutive letters form a word in the dictionary, the password is unacceptable. And that’s hard, because a lot of three-letter combinations are words.
And, of course, we have to change our passwords every 90 days.
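Added example, not part of any post in the thread and not any real server's code: a Python sketch of the composition policy described in the post above (at least 8 characters, all four character classes, no dictionary word of three or more consecutive letters). The word list, the case-insensitive matching and the rule that any non-alphanumeric character counts as "special" are assumptions.

```python
import re

# Constructed stand-in for the server's dictionary; a real checker loads a full word list.
SAMPLE_WORDS = {"and", "cat", "dog", "pass", "pot", "sum", "the", "word"}

def dictionary_hits(password, words=SAMPLE_WORDS):
    """Return every dictionary word of 3+ letters hidden in a run of consecutive letters."""
    hits = set()
    for run in re.findall(r"[a-z]+", password.lower()):
        for start in range(len(run) - 2):
            for end in range(start + 3, len(run) + 1):
                if run[start:end] in words:
                    hits.add(run[start:end])
    return sorted(hits)

def check_policy(password, words=SAMPLE_WORDS):
    """Return the list of rules the password breaks; an empty list means it is accepted."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Assumption: any non-alphanumeric character counts as "special".
    if all(c.isalnum() for c in password):
        problems.append("no special character")
    problems += [f"contains dictionary word '{w}'" for w in dictionary_hits(password, words)]
    return problems

if __name__ == "__main__":
    for candidate in ("potato", "Fluffums", "Summer#2024", "Xq7!vZk#"):  # constructed samples
        print(candidate, "->", check_policy(candidate) or "accepted")
```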
We do this at work also, plus we have to pass through about 5 security screens and have 3 different computer systems. We have all had to start writing them down in order to remember them! Gaaahhhh!
My beef with passwords is that different systems have different, non-compatible requirements. Some systems will not accept passwords longer than 6 characters; others insist on it. Some require a non-alpha character, others will not accept those. All of this makes it difficult to use the same pw everywhere.
Thanks Og for sticky notes.
As far as not being able to reuse old ones, at a system where that was enforced, we found out that it stored only the last 6 passwords used. So when forced to change, we just changed it 6 times, then back to the original.
In my work I have a network password, a mail password, an intranet password, the password for the second intranet, the accounting software password, the extranet password, the image library password, the document storage password, the CMS password (x2), the FTP password (x 2) and the fucking mailserver password.
We have to change all of these every four weeks and never repeat a previous one - 8 digits, different case letters, and numbers. I can’t write them down for security reasons, so I’m in danger of losing the whole lot as my brain goes ‘pop’ and hundreds of digits and letters come pouring out of my ears and nose and mouth and eyes. Fuck.
On my company system you can recycle through 4 passwords. You have to change every 90 days, but it only remembers your last 3 passwords. Plus you can get away with your first password being abcde1, then abcde2, and after …4, you can start with abcde1 again.
So if your system is dumb enough, you can really get away with one password and a counter.
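Added example, not part of any post in the thread: a Python model of the fixed-depth password history described in the posts above, showing why a history check alone lets a user cycle back to the original in one sitting, and how a minimum password age closes that gap. The class, its parameters, the sample passwords and the single per-account salt are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import deque

class PasswordHistory:
    """Toy account: remembers the last `depth` passwords as salted hashes."""

    def __init__(self, first_password, depth, min_age_days=0, now=0.0):
        self.salt = os.urandom(16)  # simplification: one salt per account
        self.history = deque([self._digest(first_password)], maxlen=depth)
        self.min_age_days = min_age_days
        self.last_change = now

    def _digest(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 10_000)

    def change(self, new_password, now):
        """Return (accepted, reason); `now` is the current time in days."""
        if now - self.last_change < self.min_age_days:
            return False, "minimum password age not reached"
        digest = self._digest(new_password)
        if any(hmac.compare_digest(digest, old) for old in self.history):
            return False, "password found in history"
        self.history.append(digest)  # the oldest entry falls out once depth is reached
        self.last_change = now
        return True, "changed"

def cycle_back(account, original, start_day):
    """Replay the workaround: `depth` throwaway changes on one day, then the original."""
    for i in range(account.history.maxlen):
        account.change(f"Throwaway-{i}!", now=start_day)  # constructed passwords
    return account.change(original, now=start_day)

if __name__ == "__main__":
    history_only = PasswordHistory("Original-1!", depth=6)
    print("history only:", cycle_back(history_only, "Original-1!", start_day=90))
    with_min_age = PasswordHistory("Original-1!", depth=6, min_age_days=1)
    print("history + minimum age:", cycle_back(with_min_age, "Original-1!", start_day=90))
```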
I have different passwords for most of my accounts, letters (both uppercase and lowercase), and numbers. But I use a Mandylion to hold them all. Left to my own devices, I pick simple, unsecured passwords.
Work generated one for me until I could change it. To get even with their ridiculous requirements (same as the OP), I just kept the original, for three years. When they changed the requirements (nine digits, including a “special character”) I just added a question mark.
I don’t really understand the logic. Apparently, using “potato” or “Fluffums” as a password is equivalent to handing the terrorists keys and a map. And of course no computer has yet been invented that could put together an eight- (or nine-)digit combination matching the password requirements. I suppose it’s like a hackers’ union: only serious hackers can break in; we don’t want wannabes who just walk in and guess.
Meanwhile, if I forget my ridiculous and illogical password, all I have to do is call in and tell them the name of my pet, which is a secret no spy could crack, unless they were friends or family or neighbors or had ever talked to me about cats.