
Wednesday, July 11, 2007

#285: Crazy Password Rules

At my work, the restrictions on what you can use for your password that controls your access to all internal systems are crazy. How can they impose higher restrictions on this compared to accessing online banking or stock trading accounts where someone could steal others' funds? Here are the rules, which are much too strict for the importance. Severity: 4

Password Setup Rules:

1. Must be exactly 8 alphanumeric characters in length.

2. Must include at least one numeric character separating the alpha characters. eg: pass2you

3. Must not contain your user-id or any portion thereof.

4. Must not include your first name, last name, full name, or parts of your name.

5. Should not use any full proper name or certain key words.

6. The password cannot be the same as the last 16 passwords used (for iChangePassword).


Anonymous said...

How annoying. Back in the day, when I worked at Fry's, the password couldn't be more than 4 characters long. Not very secure, perhaps, but convenient.

Andy said...

Do they also make you change your password every 3 months? When I worked for Oakland they made us do that, so I would just add a number after my original password and then up it by one every time I had to change it. I think I was up to 25 by the time I left. Something that bugs me is when you have multiple systems that you have to login to and they have different password rules so that you can't use the same one on both. This of course all results in many people just writing down their password and putting it someplace obvious near their computer, which of course defeats the purpose of having a password in the first place.