& make sure you don't write that password down

Why don’t they use biometric? It has to be cheaper than maintaining staffing levels necessary to reset all the forgotten passwords.

… And writing it down is punishable by up to a week in a federal jail for endangering the integrity of a government system.

[QUOTE=Nava]
Oh and the ones who require “special characters” but of course it’s a limited list thereof. Your webpage shouldn’t go into spasms if someone types a diacritic into a password field.
[/QUOTE]

Don’t blame your bank or whatever is being fussy. Blame legacy operating systems and applications.

It’s not the website (e.g., WebLogic or Apache) that can’t handle funny characters. It’s the back-end database that will be knocked sideways into next Thursday. As one example, Oracle will interpret the backslash as an escape to change characters in the string, unless the user knows to enclose the password with double quotes. Likewise, Oracle wants to use $ and % as environment variables, so passwords that start with those may cause problems. SQL and DB2 also have their own quirks. Watch out for little Bobby Tables.

As a side note, crackers can use these requirements to “footprint” the system and identify the operating system, webserver middleware and backend database, so some sites don’t describe the requirements, thinking it’s safer that way. In reality, it just irritates the valid users.

While you are technically correct, it’s really not a big deal for a vast majority of people. Hackers are trying to crack things robotically; they aren’t going to waste time trying to figure out if someone is using a system unless it’s worth their while. Bill Gates probably shouldn’t use a system; most Dopers can get away with it.

The next dog I have, I’m going to name him Password just to mess with sysadmins.

I hear your annoyance, but I’ll point out that some users are freakin’ drowning in email. (I would get literally 8,000 a day at my old job, most totally pointless “This file loaded” crap, but even with rules and auto-delete, it’s a PITA to keep up.)

Years ago, my work password was “shithead.” I loved that one, until it expired and I was forced to change it.

At least they told you the 8 characters (well, 7 really).

I once spent several days trying to update a work-related password. Required number of numeric/alpha/upper/lower/special characters, minimum length 14… only when they said “at least” they really meant exactly 14. And not all special characters worked, and they didn’t say which ones would.