Tuesday, July 14, 2009

Password Fandango

There are so many serious things I need to write about that I sometimes just have to step back and reset my internal system with something off-the-wall. Today, that would be passwords.

At work, I use five different networks, each with its own login and password. At home I have my Mac, which has a system password, and about 700 websites I visit regularly, 2/3 of which require a login and a password. Agnes's computer has its own login and password that I need to know on the rare occasions I need to use her machine.

I'm up to my pasty white backside in passwords.

The ones at work are the worst, because each network has its own standards for login (firstname dot lastname, lastname plus first and middle initial, lastname plus first initial dot six hundred random characters, lastname plus California's current budget deficit estimate, etc, etc, etc). But the passwords are worse. Each network wants its own password that can't duplicate the password used on any other network ... and then there are the other rules ... this is my latest attempt to summarize the Arcane and Mystical Rules of Password Generation:

* Each password-protected network will begin prompting you to change your password three days after you change it, and will warn you that it will soon expire ("Your password will expire in XX days. Do you want to change it now? Well? Do ya, punk? Yeah, I'm talkin' to you!").

* Each password-protected network will allow its passwords to remain valid for a different length of time - one week, 30 days, two sidereal months, etc. The validity period will change randomly each time you reset the password.

* Each password must be at least 72 characters long, at least 17% of which must be upper case, 19% lower case, 22% numeric, and the remainder “special characters.” A given number of each character type must appear in specific locations, and the required number and specific locations will randomly change each time you have to change the password.

* Your password must not duplicate any of the last 475 passwords you used.

* Your password must not include any words contained in any unabridged English, Spanish, French, German, Russian, Chinese, Urdu, Hindi, Swahili, or Xhosa dictionary.

* It must not offend anyone for any reason.

* It must be complex enough that you will lock yourself out of your account at least twice per week.

* All of your passwords will change at irregular intervals which are not synchronized with any other networks, so that at least once a week you need to remember a new password for one of the networks...and you can never remember which one.

I'm not the only one who finds the Password Fandango maddening. Yesterday in the Washington Post, John Kelly wrote this wonderful little article - "So Many Passwords, So Little Time," which pretty much summarizes my password fatigue. Check it out. Oh ... I forgot ... you may need a login and password for washingtonpost.com. Sorry about that.

Aren't you glad you don't need a password to read my ramblings every day?

Have a good day. More thoughts tomorrow.



Amanda said...

OH! Password headaches! I can't help it, I end up writing them down somewhere in code.

The Mistress of the Dark said...

Between passwords and captchas...Oye!

KKTSews said...

Thank goodness we don't need a password to read this! My latest gripe at work: a system that requires reset every 2 months and 16 digits of upper/lower/number/special and cannot contain a word. YGTBSM. In fact, that's a good start for my password the next time I have to change it!

QuickStepper said...

and don't forget that you are not to write it down!

SusieQ said...

Security comes at a price. Methinks too high a price sometimes.

bandit said...

Over the last couple of years I have recycled passwords. When I have to change, I use one that I have used before at another place. I'm down to 3.

Leslie David said...

I'm in the same boat--I have the one for the network which is changed every 60 days, the one for my company web site and a separate one to access my timesheet. This does not include the password for my e-mail accounts, my Facebook account, and the various ones for things like, as you mentioned, the Washington Post.

I got really pissed off once and did a legitimate password variation of Bite Me.

Mike said...

QS beat me to it. Whatever you do, "don't write them down!!!!"

Notice the quotes? Means important stuff.