It suprises me how often people forget their passwords

[Exterous]

Or complain about password requirements or frequency of change. Sorry you can't use your super secret and super secure 'password1' password for 3 years.

Also - if you are going to complain about having to remember two different passwords for work, you probably shouldn't do it to the network admin. I have to remember way more than 2 and I didn't come up with most of them so they don't fit into my password formula

So, while I may be polite to your face about it you need to suck it up and deal with those requirements because I care way more about information security than coddling your shitty memory

And stop writing them down or saving them in a text file called 'passwords'! 😡

/end blog rant

 

[waggy]

because they have so many and they have to be insanely complicated. I keep my password password for everything. its easy to remember.

 

[DesiPower]

I have multiple passwords at work, my LAN password is super simple and presentable coz I have to give it to the IT guys every now and then, and then I have another password for everything else that should not be given to anyone under any circumstances, things like access to database and web servers and stuff like that. This password is complicated and long. IMHO this is the ideal way to do stuff at work.

 

[HAL9000]

Meh, I complain about having to change my passwords constantly I've got about 30 to remember the last thing I need is to having to keep changing them.

 

[Anubis]

lol my password is password1

 

[DesiPower]

*Snip*

And as far as stupid dumbass requirements that make you change them every 90 days or whatever, it's fairly well accepted at this point that the practice doesn't really improve security one iota.

I think is a compliance and/or regulation thing. Govt has to let go of it before organizations can stop it...

 

[bignateyk]

It pisses me off how frequently we have to change. At work I have 4 different passwords:

1 domain, 1 local admin, 2 for classified networks. Each password is required to be different. Each password requires a change at different intervals. The domain password is required to be changed once a month, but the classified network password is once every 2 weeks.

It gets really god damned confusing to remember 4 different strong passwords that are all changing at different times.

 

[Beev]

I use an internal system at work that only ~30 other people access, and they all have their own logins. I should not have to change my password every two months, and it should not require a number, symbol, upper and lowercase letters, and my firstborn child. It's a fucking internal system.

The kicker? We DO have an external site that our clients also use, and everyone here has never changed their password from the default. Hilarious.

 

[Exterous]

It doesn't surprise me... people need a password for everything these days, and you can't - or at least really really shouldn't - use the same one for more than one site/app.

OP is just a pissy cable jockey.

We only require 2 different ones at work and 1 of them only has to be 4 characters long and never changes. Doesn't seem that difficult to me but maybe thats just because I am super awesome 😛

Pissy cable jockey? Your words wound me deeply 🙁

 

[amdhunter]

lol my password is password1

No it's not. I just tried logging in as you with that password. Please post your real password asap. Thanks

 

[bignateyk]

Sometimes, sometimes not. I just finished a sting at a shop that had to maintain PCI compliance and ISO certification, and that was one of a hundred stipulations. But there are also plenty of organizations - or just admins with outdated thinking - that believe it's a primary security measure. It's not. Most people just increment their password by one (Password1 > Password 2 > ...), so they're not really adhering to the spirit of the rule.

If you're going to be an Admin, you need to accept that people are going to bug you a lot about passwords, especially if you're forcing them to change them every 30 / 60 / 90 days and if they have complicated requirements.

Believe it or not, they need passwords for things other than your uber 1337 secure network.

lol, that's what I do. How the fuck else am I supposed to remember 4 different strong passwords all changing at different intervals? At least that way I can just guess at the number part if I can't remember.

 

[Texashiker]

It suprises me how often people forget their passwords

<sarcasm>

But, but, the super duper tech experts say we need a megacomplex password for everysite, computer and network.

I probably have hundreds of forum accounts all over the internet. Do you have any idea how difficult it is to keep up with 128 character passwords using upper and lower case and special character? On some sites I have to write a book for my password.

</sarcasm>

 

[Joseph F]

I use PRNGs to make my passwords.

 

[bignateyk]

For personal use I generally have one easy password for everything I don't care about like forums, facebook. Then for anything important like banking and email I use unique passwords of a much higher strength.

 

[Texashiker]

For personal use I generally have one easy password for everything I don't care about like forums, facebook. Then for anything important like banking and email I use unique passwords of a much higher strength.

Changing your password from hamburger to cheeseburger does not count as being more complex.

 

[Anubis]

No it's not. I just tried logging in as you with that password. Please post your real password asap. Thanks

i didnt tell you what that it was for but that is definitly one of my passwords i use on a daily basis

 

[corwin]

Complex passwords and requirements to change them often can suck but it's a fact of life everywhere...I have a shit ton to keep track of at work and yet somehow I manage...the only one that really pisses me off is having to change my VOICEMAIL password every 2 months, seriously that is just dumb

 

[Phoenix86]

Passwords are possibly the worst authentication system ever designed.

the only one that really pisses me off is having to change my VOICEMAIL password every 2 months, seriously that is just dumb

Publicly traded company?

 

[JTsyo]

Or complain about password requirements or frequency of change. Sorry you can't use your super secret and super secure 'password1' password for 3 years.

Also - if you are going to complain about having to remember two different passwords for work, you probably shouldn't do it to the network admin. I have to remember way more than 2 and I didn't come up with most of them so they don't fit into my password formula

So, while I may be polite to your face about it you need to suck it up and deal with those requirements because I care way more about information security than coddling your shitty memory

And stop writing them down or saving them in a text file called 'passwords'! 😡

/end blog rant

Our requirement is 14 characters minimum, with no sequential numbers or letters, no words and change them every 90 days. The ones where you use them everyday you might be able to keep track of but any less and there's no chance. There wouldn't be a need for such long password if they just locked you out after 3 tries. If someone can guess my password is beefCake in 3 guesses they deserve to get in.

 

[Exterous]

Thank you, Mr. Red Herring. Unfortunately, in your OP you were defending the practice of requiring users to change their passwords as well as the password requirements themselves, so that's what people started talking about. Now after a little resistance, you want to talk about a 4-character password that never changes?

I'm not saying organizations shouldn't put forth certain requirements such as length, special characters, etc., but don't QQ when people need their passwords reset. If you've ever used the 'forgotten password' feature of any site, you have no business complaining. The only difference is that your organization hasn't decided to replace you with code.

Hey - resistance is fine. You can view my response however you like but after seeing some of the other requirements listed (See: bignateyk) I wanted to clarify why it bugs me, as in hindsight I was not specific enough. In my view our requirements are not that bad. One password that never changes. One password that has to be 6 characters long and have two of the following: lower case, upper case, number, special character. It seems pretty simple to me. I have never worked at a place that has more stringent requirements so I did not take those into account when I posted

I also didn't expect having to remember non-work related passwords to be used as a defense for forgetting work related passwords.

And while I did not say specifically that this was for a work only environment I think it was pretty clear I was talking about work passwords. And FWIW I have never forgotten or had to have someone reset my WORK password.

 

[bignateyk]

Changing your password from hamburger to cheeseburger does not count as being more complex.

What about Ch33ZeBuRG$R

 

[IronWing]

Ah, another rant by an IT worker who thinks the computers and networks exist for the benefit of IT. They don't. They exist to enable the company to make more money by boosting worker productivity. Any unjustifiable security requirements that obstruct this goal need to be swept aside.

 

[mrCide]

we have an 8 char with complexity required as well as a built into windows login screen password reset feature (like banks, 3 questions to reset) and people still forget and then they forget the answers to their questions. some people are just hopeless.

 

[AMCRambler]

http://passwordsafe.sourceforge.net

/thread

 

[purbeast0]

doesnt surprise me at all since there are so many stupid fucking different restrictions on passwords now a days.