Passwords: Too many rules, too few brain cells...
Reader and friend Ben Jackson wrote recently with a rant about password rules - you know, how "they're all slightly different? (e.g., must have letters AND numbers; must be at least 8 alphanumeric characters long and cannot start with a number; must not be based on a dictionary word, etc.)" Like Ben, I have the same problem - these rules, especially when they directly conflict with each other (some must use nonstandard characters, others can't), break any system I might devise to automatically remember the password for any given site. And when that results in having hit the "forgot password" link, it can get even worse: as Ben observes, "sometimes, you can't even change it back to a password you used previously." Never a wholly pessimistic person, Ben does have a suggestion: "Why they don't remind you of their password restrictions when you get it wrong? ... I might at least be able to return to the frame of mind I was in when first presented with that asinine restriction, and re-derive whatever I came up with." It's not a bad idea, and it certainly might help with exactly these kinds of situations - but then again, reminding a would-be logger-in of the password rules might negate any extra security that they had provided. Hmm. Maybe the only solution really is rote memorization of hundreds of login/password combos - or just writing them all on a post-it on your computer monitor!
No comments:
Post a Comment