Richard Yancy's Blog
Sunday, July 24, 2005
Passwords, Passwords, Passwords
I would qualify as a heavy computer user. Anyone that uses a computer regularly knows that a lot of passwords are needed for a lot of different things. Passwords are needed by software programs, e-mail accounts, websites, etc. Lately, I have noticed a trend in password restrictions by these programs, websites, and other accounts. The trend has been to institute all kinds of rules and odd questions. I have a request for all system administrators putting in place these strange policies.
Stop. Passwords are supposed to be secret phrases known by the user (and only the user). If there are 10 or more different rules for creating a password, then the intent is voided. How many people can create a password according to the following rules?
- Cannot be a word in the English language
- Must be between 8 and 20 characters
- Must contain upper and lower case letters
- Must contain at least one special character, e.g., #, $, %
- Must contain at least one number
- Cannot contain a run of 3 repeated characters, e.g., aaa, bbb, and ccc are not allowed
- Password cannot be the same as any password used in previous 12 months
- Password cannot contain a common phrase, e.g., OK
Not many people can comply with all the rules. If one manages to construct such a password, then it is usually something that cannot be committed to memory. In this case, it would be necessary to write the password down, which may well be against the rules.
I have a hypothesis on passwords. As the number of rules required to form a valid password increases, so does the chance of the password being cracked. I believe that each rule can be coded by an average computer programmer. Maybe this will be a topic for another day.
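As an added example (not the author's code, and not from any particular system), here is the rule list above written out in Python with each rule as a predicate, followed by two uses of those same predicates that the hypothesis points at: an attacker pruning a guess list down to the candidates the server would ever have accepted, and an exhaustive count of how much of a small keyspace the rules leave standing. The dictionary, banned-phrase list and password history are tiny constructed stand-ins, and the length rule is parametrized so the exhaustive count can be run over a short alphabet.

```python
import itertools
import string

# Constructed stand-ins for the real lists a server would hold: a tiny
# "English dictionary", a few banned common phrases and the user's
# password history. Real deployments use far larger lists.
DICTIONARY = {"password", "welcome", "summer", "dragon"}
COMMON_PHRASES = ("ok", "123", "qwerty")
HISTORY = ["Summer#2004", "Dr4gon$lair"]

SPECIALS = set(string.punctuation)


def has_triple_run(pw):
    """True if any character appears three times in a row (aaa, 111, ###)."""
    return any(pw[i] == pw[i + 1] == pw[i + 2] for i in range(len(pw) - 2))


def violations(pw, min_len=8, max_len=20, dictionary=DICTIONARY,
               phrases=COMMON_PHRASES, history=HISTORY):
    """Return the names of the rules the candidate breaks (empty list = accepted).

    One predicate per rule in the post's list, in the same order.
    """
    broken = []
    if pw.lower() in dictionary:
        broken.append("dictionary word")
    if not (min_len <= len(pw) <= max_len):
        broken.append("length")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        broken.append("mixed case")
    if not any(c in SPECIALS for c in pw):
        broken.append("special character")
    if not any(c.isdigit() for c in pw):
        broken.append("digit")
    if has_triple_run(pw):
        broken.append("triple run")
    if pw in history:
        broken.append("reused")
    if any(p in pw.lower() for p in phrases):
        broken.append("common phrase")
    return broken


def accepted(pw, **kw):
    """Server-side decision: the password is allowed only if no rule fires."""
    return not violations(pw, **kw)


def prune_guesses(candidates, **kw):
    """Attacker's side of the same predicates: any guess the server would have
    rejected can never be the real password, so it is dropped before hashing.
    Every published rule shrinks the list the attacker must try."""
    return [c for c in candidates if accepted(c, **kw)]


def keyspace_survivors(alphabet, length):
    """Exhaustively count the strings over `alphabet` of exactly `length` that
    the policy (with its length rule pinned to `length`) accepts, next to the
    size of the whole keyspace. Only practical for small alphabets/lengths."""
    total = len(alphabet) ** length
    survivors = sum(
        1 for chars in itertools.product(alphabet, repeat=length)
        if accepted("".join(chars), min_len=length, max_len=length)
    )
    return survivors, total


if __name__ == "__main__":
    # Constructed guess list: a mix of obvious and policy-compliant candidates.
    guesses = ["password", "Passw0rd#", "Summer#2004", "Baaa#1cdef", "Tr0ub4dor&3"]
    for g in guesses:
        print(f"{g:14} -> {violations(g) or 'accepted'}")
    print("worth hashing:", prune_guesses(guesses))
    # Over a 4-symbol alphabet with one symbol per character class, only the
    # strings that use every symbol once can satisfy the class rules.
    print("survivors / keyspace:", keyspace_survivors("aA1#", 4))
```

The point of `keyspace_survivors` is the shrinkage itself: with a four-symbol alphabet at length four, the "must contain each class" rules alone cut 256 possible strings down to the 24 orderings of the four symbols, and an attacker who knows the policy enumerates only those 24.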
Now say that a cryptic password has been created and some time has passed. The password has been forgotten. How is it retrieved? Usually, one has to answer a bunch of questions irrelevant to anything:
- What's your mother's maiden name?
- What's your city of birth?
- Who's your favorite author?
- What was the name of your elementary school?
- What was your best friend's name when you were young?
- What is your closest relative's birthdate?
There are several more stupid questions in use. The point is that the questions are irritating at best. What is the point of them?
Overall, I am for password protection. However, I think the current practices are self-defeating. Will all system administrators simplify the process? How about this? What would you like your password to be? It can be anything that only you would know.
Is anyone else irritated by all the password rules? E-mail me at richard@yancy.org and let me hear your story.