Passwords

Mother fuck. I have so many damn passwords I am approaching meltdown. At work alone I have a login password, a Lotus Notes password, a database password, a timesheet password, and an ID passcode. Personally, I have an SDMB password, a Hotmail password, a web consul password, a New York Times password, a Live Journal password, a company (my company) email password, a home login password, a damned eBay password, about 10 other message board passwords, and I’m sure I’m leaving a few out. That is a lot of damn passwords.

Now, the whole thing could be easy as hell if I could just keep the same password for all of them or write them all down, but nooooooooooooo. There are RULES (as taught by my company’s mandatory security orientation class) to keeping passwords:

  1. Make it something difficult to guess
  2. Don’t use the same password in 2 different places
  3. Do not write down your passwords

Great. So, by nature, it has to be something hard to remember yet you also, in today’s modern society, have to remember a shitload of them, but you can’t write them down. Cute little Catch-22. Then there are the evil bastards that require the password be a certain length and others that maliciously demand you include numbers. Half of these motherfuckers require that you change them once a month. And if you can’t remember what number or letter you changed this month you get locked out after 3 times and then have to spend a half an hour on line with the help desk to get them to reset the damn thing. So, I just want to say: ARRRRRGGGGHHHHHHHHHH!!!

I got your fuckin passwords right here. How about:

G1o_fuck_7your9self88
:enter:
Kissmy_a7s7s7
:enter:
99fuckyous13
:enter:

“You have 3 grace periods to change your password. Passwords must be unique entries between 6 and 11 symbols long and must consist of at least 3 numbers but not more than 7 as well as 2 lowercase letters and not less than 3 capital letters and must be changed daily. We thank you for your coopera ~.?. @#&#”

:dj chucks monitor - calms down - replaces monitor:

“Your account has been suspended. Please contact an administrator.”

:dj goes ballistic - destroying all that is good:

DaLovin’ Dj

Or how about this?

Computer: Please enter password.

DaLovin’DJ: Penis

Computer: Password too short, please re-enter.

I should have thought of that. They teach you that in third grade: Always look for the dick joke - there has to be one . . .

I feel your pain. To date, I have to remember:

(work)

Password for my Windows workstation
Password for my Unix workstation
Password for my timesheet
Password for my metrics
6-digit code on the phone for my voice mail

(personal)

Password for my home computer
Code for remote message retrieval for my answering machine
PIN for my ATM card
Password to access my web site via FTP
About 7 or 8 other passwords for various sites, including the SDMB.

Bosco.

My friend has a neat little pocket computer (compiles C code, runs astronomy software, 320x200 screen… it’s neat). He writes all his passwords in there, then only has to remember the one password for it. (Of course, the CMOS battery died last week with almost no warning, and were they on the flash card or in RAM? Oh, you know. ;))

In my last job, I had to remember passwords and lock combinations, so I put them all in a Word document, put a password on that Word document, and gave it an obscure name. I had no choice. It was a matter of self preservation.

Pisses me off. I have only so many brain cells and I’m wasting 'em remembering this shit?

I have:
a password for email
3 passwords for LiveJournal
a password for my home computer
a second password that protects certain documents on my home network
an ATM PIN number for two different banks
a password for my webpage
a password for my work email
a password for my work computer
3 passwords for three different computer programs at work, one of which only gives you ONE chance to get it right
a passcode for the alarm in the pharmacy
a number to punch in to clock in (which is NOT my SS#)
a password on my parents’ computer, so they can’t screw stuff up when I’m not there
a password for AIM
a password for 2 different voice mails (home and cell)

All this in addition to social security numbers, phone numbers, driver’s license numbers, birthdates, radio station call letters, email addresses, and any other useless crap that I just may need on a daily basis, but never really get to use.

I’ve used the same password for all of my various computer related stuff for 5 years.

I just use the same password for everything I do. It helps that nothing particularly important in my life is password protected.

My bigger problem with passwords is programs that try to be helpful by saving them. People might use my computer! Maybe I’m in a lab! What’s the point of a password if the computer saves it and lets ANYONE log in with it.

I’d rather struggle remembering than just give away access to whoever wants it.

DJ, I share your pain. And the asshats in control of the IT department (the IT guys themselves are cool) have come up with the fun idea to start reminding us to change our 30-day passwords TEN days after I change it.

So for 20 days, I get a message “Your password will expire in 20 days! Would you like to change it now?”

And every password has different expiry dates, so there’s no way to keep them in sync and each password has different requirements (“Your password must be 17 characters long, contain no more than three vowels, no double or consecutive letters, must contain at least two non-alphanumeric characters and must be a clever anagram of one of the names of a writer from the Algonquin group”).

I mean, Jesus FUCKING CHRIST! There is no crack team of ninjas who will sneak into the building in the dead of night looking for unlocked machines with which they can examine extended warranty cases for nefarious purposes.

EVERY single person in the building writes down their passwords. Hell, most people actually tape their password list to the side of the monitor. It’s not like there’s a choice: it’s impossible to remember them all. I’ve suggested that it would be MORE secure to have one or two passwords for anything so they don’t have to be written down. You can imagine how well that suggestion went over.

Fenris

Consider yourself lucky. If I change one number or letter of any of my work passwords, that new password is refused for being too similar to a previous one. Nor can I use any word that exists in the dictionaries of several languages, including non-roman Unicode character languages, like Kanji or Cyrillic. Nor can I attempt to take parts of different passwords and combine them for a new password. Nor can I use any number schemes that align with any known zip code or area code. Nor can any of the 28 passwords I use (yes, I just counted) be the same at any one time or ever used again in any of the other 27 places where my passwords are used. And I have to change them all every six weeks.

I realize that security is important for my company, but I can’t help but occasionally observe that we are being a tad… excessive. One of these 28 passwords is for the voice mail on my work phone. (Same rules as above where possible). Good thing too - I’d hate for my Dentist appointment info to get into the wrong hands. :rolleyes:

That rule about never using the same password twice is just plain stupid. If someone is smart enough to figure out my NYTimes password (you know, the free account one), more power to them. Go nuts, I don’t care. Read those articles and stick it to the man. And if figuring out that one allows him access to a message board about 80s toys, big-freakin-whoop. I think I’ll live.

Being able to translate things into some form of leet in your head is handy for passwords. ‘cheese’ becomes ‘c433z3’ and so on. It’s got numbers and it’s not a dictionary word, but it’s still decently easy to remember.

Write 'em down in code.

Hmm… funny that we have yet to see a sysadmin in here ranting about those idiots who write all their passwords in a Word file, thus defeating the entire purpose of the system.

The relative security of the password should reflect the importance of the system it is protecting. In general, I think that most passwords are inadequate for the level of protection required.

Here’s a poll: How many other systems do you use your SDMB password on? What would happen if all those systems got broken into? While I am not implying that the SDMB mods are anything but honest, I would not place that level of trust on a complete stranger not to look through the DB.

IMHO, in general, more security in passwords is good but taking it to extremes can be a bit annoying.

I’m in charge of a network and I have the opposite problem. The passwords are all too easy and I can’t ask the users to change them. Out of thirty-some people, only a couple use passwords that aren’t short dictionary words. I even downloaded a program that nailed every password in the domain in minutes, but it didn’t change anybody’s mind.

I don’t get it. They spent $750 for a VPN router so people can transmit information securely from home, but anyone with a dictionary program could figure out passwords to dozens of accounts with Administrator rights in minutes. All the email passwords are similarly pathetic, and even more vulnerable because they aren’t tucked away in a NAT network behind the previously mentioned SPI firewall/VPN router.

<<< I mean, Jesus FUCKING CHRIST! There is no crack team of ninjas who will sneak into the building in the dead of night looking for unlocked machines with which they can examine extended warranty cases for nefarious purposes.>>>

No, that’s right, there isn’t any such thing.

Please move on, nothing to see, thank you, sleep well…

Hey – I’ve seen the movie “Marathon Man” and few things scare me more than a dentist with an attitude. :wink:

My office is a pretty big shop, with MVS, unix, and Windows machines all directly connected to the internet. No firewalls, no proxies. And the data here is extremely sensitive so password protection is paramount. Breaking into the MVS box or the unix systems is quite a chore – no one has gotten through yet. But all of these damned Windows machines scare me.

So we set up password restrictions that make sense to us.

  1. Passwords must have some “randomness”. No dictionary words, minimum length, mixed case, mixed symbols, etc.

  2. Passwords never expire. The only way to keep passwords from being written on PostIt notes and stuck all over the office is to let people keep their passwords. Though changing your password occasionally is encouraged.

  3. Passwords are never used in open protocols. You need to get to unix? You’d better have an ssh client installed.

Picking hard-to-guess but easy-to-remember passwords is really pretty easy.

*) Pick your favorite movie. “A Few Good Men”. (It’s not mine – but it could be somebody’s.) Now take the first letter from each word. “AFGM”.

*) Pick a number that means something to you. “156” is the first 3 digits of your SSN. 1802 is the house number at your old address. 1976 is when your first child was born, etc.

*) Pick a word or character string that you’ll remember. “random”, “SMTWTFS”, “TQBFJOTLDB”, etc.

*) Put them together: afgm156random

*) Mix the case: aFgm1802rAndom.

Put that password on all related systems. If you need more passwords, repeat the process.

SS
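
Rule 1 in the post above and the leet suggestion earlier in the thread, as an added example that is not part of any post: a small checker for “no dictionary words, minimum length, mixed case, mixed symbols” that also matches dictionary words written with common letter substitutions. The word list is a constructed sample, and the minimum length of 8 and the reading of “mixed symbols” as “at least one digit or punctuation character” are assumptions.

```python
import re

# Constructed mini word list for the demo; a real deployment would load a full dictionary.
WORDS = ["cheese", "random", "password", "monkey", "dragon"]
MIN_LENGTH = 8  # assumption: the post gives no number

# Letter -> characters commonly substituted for it, including the thread's
# own 'cheese' -> 'c433z3' mapping (h->4, e->3, s->z).
SUBS = {"a": "a4@", "e": "e3", "h": "h4", "i": "i1!", "l": "l1",
        "o": "o0", "s": "s5$z", "t": "t7"}


def word_pattern(word):
    """Regex matching the word with any mix of the substitutions above."""
    return re.compile("".join("[" + re.escape(SUBS.get(c, c)) + "]" for c in word))


PATTERNS = {w: word_pattern(w) for w in WORDS}


def check(password):
    """Return the list of rule-1 checks the password fails (empty = accepted)."""
    failures = []
    lowered = password.lower()
    # Substring search, so a word embedded in a longer password is still found.
    for word, pattern in PATTERNS.items():
        if pattern.search(lowered):
            failures.append("contains dictionary word: " + word)
    if len(password) < MIN_LENGTH:
        failures.append("shorter than %d characters" % MIN_LENGTH)
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        failures.append("not mixed case")
    # Assumed reading of "mixed symbols": at least one non-letter character.
    if all(c.isalpha() for c in password):
        failures.append("no digits or punctuation")
    return failures


if __name__ == "__main__":
    # Sample inputs taken from the thread, plus one variant using the initialism filler.
    for pw in ["cheese", "c433z3", "aFgm1802rAndom", "aFgm1802tQbfjotldb"]:
        print(pw, "->", check(pw) or "accepted")
```

Run as written, it rejects both cheese and c433z3 for containing the same word, flags the “random” filler in aFgm1802rAndom, and accepts the variant built with the “TQBFJOTLDB” filler.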