Most suffocating password policy ever


CVSiN

Diamond Member
Jul 19, 2004
9,289
1
0
Originally posted by: sm8000
Ours is comparatively lax - minimum five characters, no stipulations on caps or lowercase or use of numbers. Passwords expire every 40 days and you cannot use the same password you used up to five (or is that nine?) passwords ago. Many users do something simple like robert01, then robert02, etc.

yah exactly what strong passwords are supposed to stop.. you have any idea how easy that is for someone to crack and gain access to the network/PC?

strong passwords should be mandatory for any company that has any kind of information on their PCs/networks..

unless you like sharing insider company info with your competitors..
 

Steve

Lifer
May 2, 2004
15,945
11
81
Originally posted by: CVSiN
Originally posted by: sm8000
Ours is comparatively lax - minimum five characters, no stipulations on caps or lowercase or use of numbers. Passwords expire every 40 days and you cannot use the same password you used up to five (or is that nine?) passwords ago. Many users do something simple like robert01, then robert02, etc.

yah exactly what strong passwords are supposed to stop.. you have any idea how easy that is for someone to crack and gain access to the network/PC?

strong passwords should be mandatory for any company that has any kind of information on their PCs/networks..

unless you like sharing insider company info with your competitors..

We don't have competitors :p
 

Atomicus

Banned
May 20, 2004
5,192
0
0
my password for my college was restricted by that same policy.

it's pretty easy to type in once you use it for a few weeks
 

theknight571

Platinum Member
Mar 23, 2001
2,896
2
81
Originally posted by: MikeyIs4Dcats
what I want to know is WhoTF is using 32 character passwords???

I had a user that was using a sentence as a PW...something like...

Th1sp@ssw0rdisapitatotype

 

Babbles

Diamond Member
Jan 4, 2001
8,253
14
81
Originally posted by: spidey07
Originally posted by: notfred
Umm, everyone has pretty much that same policy.

yep. That's what a strong password is and pretty much standard practice IMHO.

Yup, here too.

Ours is just alpha-numeric entries with at least one capitalized letter and one number and it expires every three months.
 

BigToque

Lifer
Oct 10, 1999
11,700
0
76
IdwtguIatruktahmtticpw!

That's a good password, and easy to remember. I'll never use it, but it's a good example.
 

gsellis

Diamond Member
Dec 4, 2003
6,061
0
0
Originally posted by: acemcmac
This is for an employer's recruitment portal

Please note that the password must respect the following rules:

* It must contain between 7 and 32 characters. Use only characters from the following set: ! # $ % & ( ) * + , - . / 0123456789 : ; < = > ? @ ABCDEFGHIJKLMNOPQRSTUVWXYZ [ ] _ ` abcdefghijklmnopqrstuvwxyz { | } ~
* It must contain at least 1 lowercase letter(s) (abcdefghijklmnopqrstuvwxyz).
* It must contain at least 1 capital letter(s) (ABCDEFGHIJKLMNOPQRSTUVWXYZ).
* It must contain at least 1 numeric character(s) (0123456789).
* It must not contain your user name.
* It must not contain your email address.
* It must not contain your first name.
* It must not contain your last name.

none of my passwords fit that

letter, symbol, letter, letter, letter, letter, number, number = rejected no caps, rejected symbol not on list

letter, letter, letter, letter, letter, number, number, number = rejected no caps

:|

If their recruitment portal is this anal, I wonder how bad it is to work there. The office complex is within visual distance of the meadowlands complex. I seriously doubt that it would be worth the trouble :thumbsdown:
As covered, that is just a strong password. Quit whining ;) They just wrote it out longhand for the slow. In fact, they may not be as bad as you thought. They could add valid for 30 days and you cannot reuse any 5 previous passwords, and here is your two factor token. It is a checkbox in Windows password policy that turns all of that on.

As for "who has a 32 character password", try pass phrase. Something like, "At0T Nef at night cr3w! For the Win" That can be a strong password and less successful to a dictionary attack. And, it can be easy to remember.

Edit - still looking for the opportunity to use "Mares eat oats and does eat oats and little lambs eat ivy. A kid will eat ivy too. Wouldn't you?" :p
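The portal rules quoted in this thread, written as a checker (an added example, not part of any post and not the portal's own code). The function name, the sample passwords and applicant details are constructed, and matching names case-insensitively is an assumption the quoted rules do not state.

```python
import string

# Allowed symbols copied from the rule list quoted in the thread.
# Note what is absent: space, ", ', \ and ^.
ALLOWED = set("!#$%&()*+,-./:;<=>?@[]_`{|}~"
              + string.digits + string.ascii_letters)


def check_policy(password, user_name, email, first_name, last_name):
    """Return the list of violated rules; an empty list means accepted."""
    problems = []
    if not 7 <= len(password) <= 32:
        problems.append("length must be 7-32")
    bad = sorted(set(password) - ALLOWED)
    if bad:
        problems.append("characters not in allowed set: " + "".join(bad))
    if not any(c in string.ascii_lowercase for c in password):
        problems.append("needs a lowercase letter")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("needs an uppercase letter")
    if not any(c in string.digits for c in password):
        problems.append("needs a digit")
    # Assumption: containment is checked case-insensitively.
    lowered = password.lower()
    personal = (("user name", user_name), ("email address", email),
                ("first name", first_name), ("last name", last_name))
    for label, value in personal:
        if value and value.lower() in lowered:
            problems.append("contains " + label)
    return problems


# Constructed applicant details and passwords, for illustration only.
WHO = ("jdoe", "jane.doe@example.com", "Jane", "Doe")

if __name__ == "__main__":
    samples = [
        "a^bcde12",   # letter, symbol, 4 letters, 2 digits
        "abcde123",   # 5 letters, 3 digits
        "Abcde123",   # same with one capital
        "Jane2024x",  # meets the character rules but embeds a name
        "At0T Nef at night cr3w! For the Win",  # pass phrase from the post
    ]
    for pw in samples:
        print(repr(pw), "->", check_policy(pw, *WHO) or "accepted")
```

Run against the pass phrase suggested above, the checker reports two violations: it is 35 characters long and contains spaces, which are not in the portal's allowed set.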

 

toant103

Lifer
Jul 21, 2001
10,514
1
0
Originally posted by: acemcmac
Originally posted by: AMCRambler
Hoooweee that's a good one. You must have Mordak The Preventer of Information Technology as your network admin, haha.

No, this is for a place I thought I wanted to apply to work


i guess more work for your Admin when he has to reset your pw every day since you don't remember what your current pw is. 3 strikes and your pw is locked.

Maybe not just you, but other users as well
 

Gunslinger08

Lifer
Nov 18, 2001
13,234
2
81
At my university, they checked passwords against multiple large, well known dictionary files. If any part of your password matched, it was rejected.
 

Injury

Lifer
Jul 19, 2004
13,066
2
81
That's also the criteria for choosing an AIM username, minus the non-alpha/numerics
 

mugs

Lifer
Apr 29, 2003
48,920
46
91
Yeah that's normal. And when they make you change it once a month to something entirely different, it encourages writing the password down. Great security feature. :thumbsup:
 

gsellis

Diamond Member
Dec 4, 2003
6,061
0
0
Originally posted by: mugs
Yeah that's normal. And when they make you change it once a month to something entirely different, it encourages writing the password down. Great security feature. :thumbsup:
Write it down? Crap, I have been tattooing them on my forearm. A piece of paper would be so much easier. Hey, I could write it on a Post-It note and put it on my monitor!

Thanks! :p

 

sao123

Lifer
May 27, 2002
12,653
205
106
Originally posted by: acemcmac
This is for an employer's recruitment portal

Please note that the password must respect the following rules:

* It must contain between 7 and 32 characters. Use only characters from the following set: ! # $ % & ( ) * + , - . / 0123456789 : ; < = > ? @ ABCDEFGHIJKLMNOPQRSTUVWXYZ [ ] _ ` abcdefghijklmnopqrstuvwxyz { | } ~
* It must contain at least 1 lowercase letter(s) (abcdefghijklmnopqrstuvwxyz).
* It must contain at least 1 capital letter(s) (ABCDEFGHIJKLMNOPQRSTUVWXYZ).
* It must contain at least 1 numeric character(s) (0123456789).
* It must not contain your user name.
* It must not contain your email address.
* It must not contain your first name.
* It must not contain your last name.

none of my passwords fit that

letter, symbol, letter, letter, letter, letter, number, number = rejected no caps, rejected symbol not on list

letter, letter, letter, letter, letter, number, number, number = rejected no caps

:|

If their recruitment portal is this anal, I wonder how bad it is to work there. The office complex is within visual distance of the meadowlands complex. I seriously doubt that it would be worth the trouble :thumbsdown:



that's ez...
try this where i work...

you must have 3 separate passwords...


* All three must contain between 7 and 32 characters. Use only characters from the following set: ! # $ % & ( ) * + , - . / 0123456789 : ; < = > ? @ ABCDEFGHIJKLMNOPQRSTUVWXYZ [ ] _ ` abcdefghijklmnopqrstuvwxyz { | } ~
* All three must contain at least 1 lowercase letter(s) (abcdefghijklmnopqrstuvwxyz).
* All three must contain at least 1 capital letter(s) (ABCDEFGHIJKLMNOPQRSTUVWXYZ).
* All three must contain at least 1 numeric character(s) (0123456789).
* All three must not contain your user name.
* All three must not contain your email address.
* All three must not contain your first, middle, or last name.
* All three must not contain your wife's/child's/pet's first, middle, or last name.
* All three must not contain your initials.
* All three must not contain your birthday, social security number, or telephone number.
* All three must not contain a matching string of 3 or more sequential characters to one of the other passwords.
* All three must be changed every 60 days.
* A password can never be reused, on any of the systems. A password used on system A can't ever be used on system B... etc

 

Kelvrick

Lifer
Feb 14, 2001
18,422
5
81
I'd rather have that than the ones that change every 2 weeks. That, and you log in like 3 times. Once to the computer, every time you access the database, and every time you log into the remote data server... They all change.

Then I see people with stickies on their monitors with their passwords. :D
 

djheater

Lifer
Mar 19, 2001
14,637
2
0
Originally posted by: Kelvrick
I'd rather have that than the ones that change every 2 weeks. That, and you log in like 3 times. Once to the computer, every time you access the database, and every time you log into the remote data server... They all change.

Then I see people with stickies on their monitors with their passwords. :D

It was 2000 before the major national corporation I work for changed from a universal domain password to individual passwords. I was in awe.
 

torpid

Lifer
Sep 14, 2003
11,631
11
76
It's a matter of culpability. The password policy people want to be able to say they did nothing wrong with their overly restrictive password policy because even if it ultimately makes the system less secure because someone writes their PW down on a sticky, it's not THEIR fault that the employee wrote it down on a sticky, it's the employee's fault. Rarely will management be smart enough to see the big picture - that overly restrictive password policies end up making the system less secure because people can't think of a new password every 60 days and still remember it each time they log in.

I like the one about no pet names. How do they know your pet's name?? If my employer required me to fill out a form with my pets' names I would just lie, then if caught in the lie say that the name I gave them is their real name, but what I call them is just a nickname.

 

TitanDiddly

Guest
Dec 8, 2003
12,696
1
0
My new school required a pretty tough password.
Must have at least 3 of 4 categories:
Lowercase
Numbers
Uppercase
Symbols

At first I was annoyed, but now I'm glad, I have better passwords now.
 

Slap

Golden Member
Oct 9, 1999
1,097
0
0
One of our passwords here cannot have a letter or number in the same spot as the previous password. That really makes it tough. You basically have to write your old password down and the new guesses under it to make sure you don't have a letter or number in the same spot. You also cannot have repeating numbers or letters.