Grr!! Do I REALLY need a case sensitive password 8 characters long??

My default password (used for things that I don’t particularly worry that someone would hack) comes from a running joke in our household. One of my husband’s older co-workers once leaned over and whispered to him about a sexual act he would like to do to a hot female co-worker who was passing by. It was so funny coming out of this older, seemingly dignified guy that my husband had to wipe tears from his eyes as he was telling me about it.

We’ve made a Houdini agreement: if either of us dies, we’ll know if a psychic has really received a message from us if it’s preceded by that word.

<skimming quickly>

Wait a second, the space shuttle crashed because somebody guessed the password and hacked into it?

</sq>

The logic is “if we’ve been doing something wrong but haven’t had a problem before, we won’t have a problem in the future.”

d1rtyS@nch3z? :smiley:

Umm,… maybe you don’t know many guys? Sexual acts are pretty common passwords. More so in college than in the workplace,…
But your password probably isn’t as unique as you think it is.

Amen. In their zeal to be more secure, they have made it ridiculously insecure. Give me 60 seconds at a co-worker’s cubicle and I guarantee I’ll find their password list. (Probably in their right hand drawer. Using the key that is under their keyboard.)

I hate to ruin a good Pitting with a GQ question, but your comment makes me want to ask:
Why do the IT departments at large companies require so many passwords, and change them so often? Is it to guard against co-workers in the adjacent cubicle, or to guard against competitors from outside the company?

Obviously, if you irritate everybody so much that they keep post-it notes stuck on their screens, you’re not going to keep a nosy co-worker locked out. And if it is outsiders you want to lock out, why change the password so often? Why not just keep track of how many failed attempts were made to enter the password, and then change it if necessary?

I’ll admit I’m a bit innocent, but I think the difference may be in the way he phrased it. It was an amusing mixture of quaint and filthy.

No, the password was so complicated that someone wrote it down on a sticky note.

Gingham buttfuck.

Our passwords change every 3 months, must contain lower and upper case letters along with at least one number and one symbol. The passwords cannot be repeated until 25 passwords have been used.

And our computers lock every two minutes if the computer is not used, so the password must be re-entered.

But at least we can design our own passwords.

I feel your pain there Jjim. My list is just as bad… To start off with, there’s the WinXP/computer login password. Min 8 characters, case sensitive and needs at least 1 number. Then when I’ve logged into the computer, there’s at least 14 unique programs that I have to get into each day in the course of doing my job. And Every. Single. Program has its own unique password requirements. Some will accept the 8 letter + 1 digit format that my main PC login uses. Some just want between 6-8 characters, any characters. No upper case or numbers required but you can use 'em if you want. A couple require a 10 digit password that includes at least 1 special character, 1 upper case character and 1 numeral. Certain dictionary words are not allowed in some systems.

But the number of different password requirements I can deal with. That’s not a problem. What is the problem is that every system also has a different timeout period for the passwords, and different restrictions on how quickly you can reuse a password. My computer login is 90 days. Some systems are 30 days. One system, for god only knows what reason, is 45 days. Two systems I use have never asked me to change the password. There’s one with a 60 day timeout. Some systems won’t let you use the same password until you’ve used at least 6 others. One will let me go through four and then go back to the start. One system won’t let me use passwords that are “too similar” to ones I’ve used before (meaning at least 50% of the password has to be different to the other passwords I’ve used). Others will accept the /same/ password straight away, but you’ve got to go through the bullshit of “changing” it when the prompts come up, or else you get locked out of the system after it expires. It’s nuts. When I first started at this company, I set all of my passwords to variations on a similar core password. Two years later, and I’ve got at least seven or eight completely different passwords due to the completely insane system requirements.

The one good thing is that with all the stupid rules on these passwords, I actually can make up 99% of them myself.

Jesus H, Sierra Indigo, I might posit that we work for the same company, but that’s actually worse than my situation by at least one order of magnitude. Somebody somewhere has to cop on that it’s ridiculous. (Though I’m about to be granted permissions to a new network, which will add at least another five to the fucking list. And that doesn’t of course include my personal ones, email, banking, my own website, etc., which I worked out the other day involve 28, count them, passwords.)

Clueless manager: How secure is our system?

Techie guy: Well, we’ve implemented new password requirements, minimising the threat from brute-force attacks and also requiring periodic changes of password for all users.

Manager: Well, I want concrete evidence that it’s at least twice as secure as the old system was.

Techie: I have an idea…

Funny, I was just today reading an old article on why security companies do this and why it’s a dumb idea.

I change my passwords at school every month, not so much in fear of hackers but due to the fact that the students can see me log into the gradebook if they watch carefully. The advantage of my job is that I get to pick the password myself and as a history teacher, I have a wealth of easily remembered dates and events to choose from.

I went to change my XP password and the (new) policy insisted that it had to be different to any of the last 26 passwords. Twenty six.
A while back someone decided to enable the timeout option for the phone system password (four numbers) every week with various security options*. That lasted until the CEO logged on for a second week.

*no reuse of the last four passwords, blocking of trivial passwords like 1111, 1234. This is to log onto the phone or read voice-mail, not to access the payroll system.

This is a hopelessly low-tech concept, but I believe that an essential component of a password is that you should be able to remember it.

A few months ago our managers sent out a request that we write down our details on a form so that they could update our records. They asked for address, DOB, phone numbers etc. and also our login names.
About 30% of the induhviduals who work with me wrote down their passwords. The ones we have been told about a billion times not to tell anyone - even our managers. The passwords we have to change every month. The passwords which a worker would probably be fired if they wrote it on a post-it on the computer screen.
I work in a bank and we have been shown 3 videos about password security in the past 5 months.

jjimm:

:smiley: :smiley: :smiley: :smiley: :smiley: