Password rules at work suck!

[RossMAN]

I have access to 12 different bank systems with different logins, passwords and they all change within 30-90 days.

Today we're doing some testing with a new system, fair enough.

I login to the new system, time to change password. My old password was a name followed by 1 so let's use timtam1 as an example.

I entered in my old password timtam1 and new password timtam2. It doesn't like it because there cannot be 3 characters that are the same as the old password, WTF?????????????????????????

So I changed it to fsckme1

 

[rh71]

This password rule is quite common, BTW.

When you deal with customer data like banks and service delivery companies do, security is quite the concern. One time I had to code 6 different password rules into a web application. That was a headache and a half.

 

[DaiShan]

haha nice.

 

[ElFenix]

mine went from like... coffee18 to c0ff3318 to c0ff33ib

 

[RossMAN]

Originally posted by: rh71
This password rule is quite common, BTW.

When you deal with customer data like banks and service delivery companies do, security is quite the concern. One time I had to code 6 different password rules into a web application. That was a headache and a half.

My favorite is our foreign exchange system:
No two same letters, every letter must be different
No dictionary words
At least 1 number
At least 1 character
You cannot use password as your password

So then I write down all my passwords onto a sheet of paper which is kept in my unlocked desk.

 

[Monel Funkawitz]

When I was in the military, we used CAMS (Core Automated Maintenance System) to monitor maintenance trends. You had to do that password crap. Me being the rectumhole I am, I would staple the sumanabeech to the wall in plain view.

WOBBOBCOB - First 30 days
BOBCOBWOB - Second 30 days
COBWOBBOB - Third 30 days

Back to first set. Dumb ass computer system.

 

[dman]

Originally posted by: rh71

So then I write down all my passwords onto a sheet of paper which is kept in my unlocked desk.

I used to do that too. Now I have a password protected file w/ my passwords in it. It is a PITA to have to adhere to all these rules.

 

[rh71]

Originally posted by: RossMAN

Originally posted by: rh71
This password rule is quite common, BTW.

When you deal with customer data like banks and service delivery companies do, security is quite the concern. One time I had to code 6 different password rules into a web application. That was a headache and a half.

My favorite is our foreign exchange system:
No two same letters, every letter must be different
No dictionary words
At least 1 number
At least 1 character
You cannot use password as your password

So then I write down all my passwords onto a sheet of paper which is kept in my unlocked desk.

Hah good stuff... we have security guys come by at night to check for unlocked drawers... so we can't even do that. We get written up the first time it happens and the 2nd time it goes up the management chain - very bad.

Let's see if I can remember some rules:
- No consecutive letters or numbers
- Alphanumerical, where the number cannot be placed at the beginning or end
- Must be at least 6 chars and no longer than 9 chars
- Cannot repeat 3 consecutive letters of previous 3 stored passwords

That's all I can remember right now ... people would create jibberish for passwords and the system would get more password recovery requests than you can imagine. Needless to say it frustrated a lot of people. A colleague used fvck0ff as his personal password and didn't hesitate to tell people what it was.

EDIT>> I personally use Password Corral to manage all of them... so you just have to remember the main password for the app.

 

[RossMAN]

Originally posted by: dman

Originally posted by: rh71

So then I write down all my passwords onto a sheet of paper which is kept in my unlocked desk.

I used to do that too. Now I have a password protected file w/ my passwords in it. It is a PITA to have to adhere to all these rules.

Yeah it's not very secure but this is my 8th year doing it, so far no incidents.

 

[geno]

I HATE password rules, especially the ones here at work:

No passwords similar to your past three
Must have caps
Must have numbers
Must not be the name of any hookers you've slept with in the past 7 months
Must not contain the letter Q


stupid crap :|

 

[Utterman]

You think your passwords are tough

 

[BurnItDwn]

what I do is I manually change my password on all the other systems to match up ... its a pain in the neck since theres like 10 that need to be changed .. but it is the easiest way to keep track (for me at least)

 

[littlezipp]

Originally posted by: Utterman
You think your passwords are tough

Yeah, that's pretty bad.
When I have to chage at work, I either throw a 1 at the end, or take it away depending on which week it is.

Not to thread crap at all, but I have a question. I work for a cell phone company where we have to do credit checks on people before we can give them phones, and I have been told by many of them that soon companies can no longer ask for SS#'s to run credit. What are we going to do then?

 

[RossMAN]

Originally posted by: littlezipp

Originally posted by: Utterman
You think your passwords are tough

Yeah, that's pretty bad.
When I have to chage at work, I either throw a 1 at the end, or take it away depending on which week it is.

Not to thread crap at all, but I have a question. I work for a cell phone company where we have to do credit checks on people before we can give them phones, and I have been told by many of them that soon companies can no longer ask for SS#'s to run credit. What are we going to do then?

I think that's a bunch of BS.

 

[MegaloManiaK]

One of the CompE senior projects last year was pretty lame, for some reason they made a secure web server??? Seems to me this has been done before, not only that they used linux which was cheap since it already leans you to being extra secure. Either way the morons used part of the web addy as the password.

One day someone hacked in, they didn't do anything bad to it, but left a note saying nice password. So the group changed it. The guy who told me was so proud of it, he would just tell me the password. The next thing out of his mouth was the longest string of profanity i have ever heard. Later that week i saw him in the computer lab trying to log in, for 15 mins uttering profanity under his breath. Later when i talked to someone else in his group about it, they laughed and said the sad thing is that he's the only one who can successfully log in.

 

[sharkeeper]

Passwords here are a thing of the past. (thank goodness)

The old system had a 14 day rule and recognised patterns and would reject certain passwords. Additionally, writing the password down was an offense that you could get disciplinary action for! People tried saving passwords to their systems and they got caught becaused they saved the file with a name that was suspicious. Funny how most people around here have a really good memory!

There was a lot of stink in 2001 when a person (FBI mind you!) got sircam32 and the damn thing emailed contents out of their my docs folder (which was SUPPOSED to be kept on the server!) one which was a PLAIN TEXT file with passcodes! Dumbasses!

I remember most of my product s/n's and keys such as all windows keys, adobe serial numbers, etc. (No, don't ask....googlegroups is your friend you thief!) It's pretty bad when you think about it!

-DAK-

 

[Rastus]

It's irritating when they have you constantly change passwords on multiple systems with different rules, so you end up with many passwords. Then you try to log onto an application or server and can't remember which password to use. Then it locks you out.

 

[nater]

Want to know what's a pain in the ass? Being the one who has to deal with all the people who forget their passwords, or refuse to change their old ones and get locked out after their grace logins run out.

< - -The company hell desk phone guy

 

[glugglug]

We have lots of password rules like must change every 2 weeks, can't use any of your last 6, can't use dictionary words, must have letters & numbers, etc.