How anal is your company about passwords?

chiwawa626

Lifer
Aug 15, 2000
12,013
0
0
At my current internship our admin won't shut up about password security, and has us juggling 8-10 passwords - I think this will just drive people to use the same password everywhere, or use dictionary passwords since they're easy to remember....bah I hate passwords.
 

AgaBoogaBoo

Lifer
Feb 16, 2003
26,108
5
81
It's probably good that he's encouraging changing passwords, how often is he having you change them?
 

Rastus

Diamond Member
Oct 10, 1999
4,704
3
0
I have about 20 of them. They all have different rules, and some of them have to be changed every 30 days.

They are not intuitive, so they are hard to remember. Sometimes the instructions tell us not to write them down. Consequently, they are written practically everywhere.
 

Feldenak

Lifer
Jan 31, 2003
14,090
2
81
Getting people to follow security procedures like that is good but you can't make it too cumbersome. It's a fine line.
 

zanieladie

Diamond Member
Jan 19, 2003
3,280
1
0
I read somewhere that the most common password that the typical user (of course not anyone here on ATOT) selects is: PASSWORD.

*Sigh*
 

Conky

Lifer
May 9, 2001
10,709
0
0
When I worked at Motorola they had us change passwords every two weeks. I had two passwords and switched them back and forth. :p
 

Evadman

Administrator Emeritus, Elite Member
Feb 18, 2001
30,990
5
81
Passwords expire every 30 days for every system except 1 that I use.
Passwords can not have month or year in them
must have at least 1 number in the middle, but begin and end with a letter.
must be 8 or more characters except one system which must be > 20.
can not share any letter in the same space as any of your previous 3 passwords except 1 system.

Needless to say this bothers the hell out of everyone. Of the 200 or so people in my building, at least 20 people call the helpdesk for a password reset on a given day.

Not me though. I got so fricking pissed off that I wrote scripts for 8 of the 9 systems that randomly generate 5 passwords and go through them all, changing it each time, then set the password back to the original one I always use. It takes me about 3 or 4 minutes at the end of every month. The last system doesn't have any limitations on reuse, so I set it to the same password.

At least I have mine memorized, while most of the other people have their usernames and passwords on Post-its on their monitors. (great security there) When are the people who set up this crap going to realize that they are not helping anything? Security is worse than if the passwords changed once a year.

<edit>
Interesting fact: Before I started, the month-year thing and number in the middle weren't in the list. Apparently, everyone was using the month name and putting the year at the end. The admins ran a query (after one user was found to be using another user's password to do things they shouldn't) on a bunch of different systems and found that almost 40% of the password entries all had one of 2 hashes in a few mainframe systems. So odds were, 4 out of 10 people had their password as 'January06' or 'January2006'.
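An added example, not part of the post above and not the admins' actual query: a sketch of the two checks the post describes, the "no month or year" rule applied when a password is set, and an audit that groups accounts by identical stored hash. The function names, the accounts and the use of unsalted SHA-256 are assumptions made for illustration; the post does not say which hash the mainframe systems used.

```python
import hashlib
from collections import defaultdict

MONTHS = ("january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december")

def has_month_or_year(password, year):
    """True if the password contains a month name or the given year (4- or 2-digit)."""
    p = password.lower()
    if any(m in p for m in MONTHS):  # caveat: "may" also matches words like "mayhem"
        return True
    return str(year) in p or p.endswith(str(year)[-2:])

def shared_hash_clusters(entries):
    """Group accounts by stored hash; return groups of 2+ accounts, largest first."""
    by_hash = defaultdict(list)
    for user, digest in entries:
        by_hash[digest].append(user)
    clusters = [sorted(users) for users in by_hash.values() if len(users) > 1]
    return sorted(clusters, key=lambda c: (-len(c), c))

def share_in_top_clusters(entries, top=2):
    """Fraction of all accounts whose hash is one of the `top` most common shared hashes."""
    clusters = shared_hash_clusters(entries)[:top]
    return sum(len(c) for c in clusters) / len(entries)

def _h(pw):
    # Assumption: unsalted SHA-256 stands in for the unnamed mainframe hash.
    # Identical hashes only reveal identical passwords when no per-user salt is used.
    return hashlib.sha256(pw.encode()).hexdigest()

# Constructed sample: 10 accounts, 4 of them on the two passwords named in the post.
SAMPLE = [
    ("u01", _h("January06")), ("u02", _h("January06")),
    ("u03", _h("January2006")), ("u04", _h("January2006")),
    ("u05", _h("k7Tq2mzR")), ("u06", _h("Wb4pLx9s")),
    ("u07", _h("q3ZrnT8v")), ("u08", _h("Hd5cYk2f")),
    ("u09", _h("m8GtVw4j")), ("u10", _h("Rz6bNq1x")),
]

if __name__ == "__main__":
    print(shared_hash_clusters(SAMPLE))
    print(share_in_top_clusters(SAMPLE))
```

With per-user salts the hash audit finds nothing even when passwords are shared, so on salted systems only the set-time check can catch the month-and-year pattern.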
 

Farbio

Diamond Member
Apr 9, 2000
3,855
0
0
Originally posted by: Crazyfool
When I worked at Motorola they had us change passwords every two weeks. I had two passwords and switched them back and forth. :p


every 6 weeks or so we have to change ours....that's my secret
although every application has different pw rules of course, so each app has different pw's but the pw just changes back and forth, and for the most part, it's just moving where the number or cap letter is.
the only real annoying one is one of our apps for web work logs our last 4 pw's so my numbers/caps keep moving and i occasionally have major trouble w/ that one, especially since if you mess up your pw 3x in a row, it locks you out and IT has to reset it :roll:
 

RaynorWolfcastle

Diamond Member
Feb 8, 2001
8,968
16
81
Honestly, asking people to create excessively secure passwords that they have to change every week is much less of a security risk than asking them to create a password with fewer rules. When you start getting ridiculous rules like the ones Evadman describes, people write them down all over the place and it becomes easy to steal them.
 

spunkz

Golden Member
Jul 16, 2003
1,467
0
76
the only way i know which password goes to what is if it gives the rules that you were given to make the password.
 

wiredspider

Diamond Member
Jun 3, 2001
5,239
0
0
my company when i first worked there assigned me a password that was not changeable!
many months later they have forced us to change passwords monthly that must contain a number, special character, and 8+ in length. Ugh..

and i forgot to add, your new password can not be the old password or contain the old password.
 

chiwawa626

Lifer
Aug 15, 2000
12,013
0
0
The main problem is that everyone just ends up writing their passwords down, or storing them in a text file in their email. So it totally defeats the purpose. I'm talking about the avg user (not you techies who have 40 passwords to remember anyways).
 

bunker

Lifer
Apr 23, 2001
10,572
0
71
I set the rule:
Minimum 8 characters
Must contain a combination of upper and lower case and at least one number
Expires every 45 days
Can't use the same password twice

It's actually a pretty lenient policy if you ask me. :D