
RANT: Sites with ridiculous password policies...


Elganja

Platinum Member
May 21, 2007
2,143
24
81
Originally posted by: Injury
Originally posted by: Codewiz
Originally posted by: yh125d
Originally posted by: DayLaPaul
Fingerprint reader ftw?

biometrics! *highfive*

Yeah because it is REALLY easy to get a new finger print once your print has been lifted. Not to mention, you rarely touch anything so it is pretty much impossible to lift finger prints. :roll:

I am always amazed at people who have a hardon for biometrics. It is absolutely the WORST idea. A non revocable non-replaceable key, BRILLIANT.

While biometrics don't pose a risk right now because they aren't used. But if companies actually started using them, thieves would be lifting all sorts of prints in public. You wouldn't be able to use ATM machines anymore.

Biometrics FTL.

Yup. Just watch the mythbusters episode on this and you'll never trust it again.

there is more to biometrics than just fingerprints... and I'm pretty sure most places that use biometrics also use it in addition to a PIN or password of some type.
 

TraumaRN

Diamond Member
Jun 5, 2005
6,893
63
91
Originally posted by: Argo
*snip*

Site 2: Requires you to change your password once every 3 months. You CANNOT use any passwords that you used in the past. It wouldn't be so bad, if this wasn't another one of those financial data sites that I access once every 2 or 3 months. So of course I constantly keep forgetting the password, causing me to go through the stupid reset password functionality.
*snip*

This is my job.

We have to change our password at my job every 3 months, at least 7 letters long. It wouldn't be so bad as it's hard to continually invent new passwords every ninety days. And our system is a bitch too. If you even have half of an old password when you try to create a new one it won't let you, stating it's 'too similar to a previous password'. Example: if your old password was thunderstorm, and you wanted to use snowstorm for a new one, it wouldn't let you, nor will it let you do what Pepsei posted. Pain in the ass.

Now when it's time to change my password I just pick a random country or US state.

I feel your pain OP
 

rh71

No Lifer
Aug 28, 2001
52,844
1,049
126
every 3 months? Just use the 4 seasons (variations on alphanumeric of course)... and if it doesn't let you use ones from the past, add the year.

winterrul3s
fallrul3s

winterr0cks09
etc...

Those who keep a history, do they actually waste space and store everyone's previous passwords from forever? Don't they do past 4 passwords only or something similar?
 

JTsyo

Lifer
Nov 18, 2007
12,035
1,134
126
Doesn't forcing people to use caps and special characters actually make it easier to force passwords? It reduces the total possible combinations. I would also think most important sites would catch on if you try over 100 passwords, so I'm thinking they are not worried about brute force. So as long as you're not using words, you should be OK.
 
Nov 5, 2001
18,366
3
0
I have a couple of gov't sites I access for contracts at work.

Password requirements:

must be at least 8 characters
cannot be dictionary words
Must have 1 cap, 1 symbol, 1 number
Cannot have any repeat characters (aa, bb, cc or phrases with the same character more than once, i.e. nasa)
Cannot have any adjacent characters (123 abc)
must be changed every 90 days
cannot use any previous password or anything similar

sites also require you to login every 30 and 60 days otherwise your account gets deleted.

It's a giant pain in the ass, because I may only need to access these sites once every 3 to 6 months for actual work.
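How much composition rules like the ones listed above shrink the space of 8-character passwords, which is the question raised earlier in the thread, can be counted exactly. This is an added example, not from any poster or site; it assumes a 94-character printable ASCII alphabet and uniformly random choice, and models only the "1 cap, 1 symbol, 1 number" and "no character more than once" rules, not the dictionary or adjacency rules.

```python
from itertools import combinations
from math import log2, perm

# Assumed alphabet: printable ASCII without the space (94 characters).
CLASSES = {"upper": 26, "lower": 26, "digit": 10, "symbol": 32}
REQUIRED = ("upper", "digit", "symbol")  # "1 cap, 1 symbol, 1 number"


def count_passwords(length, required=(), distinct=False):
    """Count strings of `length` containing at least one character from each
    class in `required`; with distinct=True no character may appear twice."""
    alphabet = sum(CLASSES.values())
    total = 0
    # Inclusion-exclusion over the required classes that are left out.
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            n = alphabet - sum(CLASSES[c] for c in missing)
            ways = perm(n, length) if distinct else n ** length
            total += (-1) ** k * ways
    return total


def report(length=8):
    """Size of each password space in bits (log2 of the count)."""
    rows = {
        "any printable characters": count_passwords(length),
        "1 cap + 1 number + 1 symbol": count_passwords(length, REQUIRED),
        "... and no character used twice": count_passwords(length, REQUIRED, True),
        "lowercase letters only": CLASSES["lower"] ** length,
    }
    return {name: round(log2(n), 2) for name, n in rows.items()}


if __name__ == "__main__":
    for name, b in report().items():
        print(f"{b:6.2f} bits  {name}")
```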
 

Babbles

Diamond Member
Jan 4, 2001
8,253
14
81
I'm all for security, but it does seem like things are getting a bit overly-complicated. I'm going to give that KeePass thing a try.
 

sourceninja

Diamond Member
Mar 8, 2005
8,805
65
91
Originally posted by: Argo
2 rants actually:

Site 1: Requires a password that is at least 8 characters long, has 1 capital, 1 digit and one punctuation sign and cannot resemble any word. The site falls into the category of sites that has financial data but that I access fairly seldomly. So of course I don't want to write down the password, and of course I forget it. To top it all off their "forgot my password" functionality appears to be unavailable. When I try it I literally get a message saying "This functionality is not available, please try again later".

Site 2: Requires you to change your password once every 3 months. You CANNOT use any passwords that you used in the past. It wouldn't be so bad, if this wasn't another one of those financial data sites that I access once every 2 or 3 months. So of course I constantly keep forgetting the password, causing me to go through the stupid reset password functionality.

Really, the only thing these stupid policies cause is for people to start writing their passwords and sticking them onto a monitor. Btw, both sites are personal financial sites from major institutions.

Might I suggest using P@s5\/\/Or|)

It meets the criteria.

Seriously though. I use keyboard and shift key patterns.

Example #EdcVFr4
 

CRXican

Diamond Member
Jun 9, 2004
9,062
1
0
Originally posted by: Babbles
I'm all for security, but it does seem like things are getting a bit overly-complicated. I'm going to give that KeePass thing a try.

me too
 

yhelothar

Lifer
Dec 11, 2002
18,409
39
91
Originally posted by: JTsyo
Doesn't forcing people to use caps and special characters actually make it easier to force passwords? It reduces the total possible combinations. I would also think most important sites would catch on if you try over 100 passwords, so I'm thinking they are not worried about brute force. So as long as you're not using words, you should be OK.

proxies