Passwords

[aap1966]

When general e-mail was introduced where I work, the password could be anything, literally anything (except "password") People tended to choose things easily remembered, mother's maiden names, street they grew up on, that sort of thing.
Not a huge challenge for the NSA, but a simple system that worked.

Then,,,, we had an IT review. "Not secure enough" "We must improve the passwords".....

So now the passwords have to be between 6 and 10 letters, at least 1 number, a mixture of capitals and lower case and automatically expire every 6 weeks. The system remembers your last 6 passwords so you can not re-use them.

Result? The notice board in the night office has a list where everyone writes their current e-mail password.

Yep, much more secure.

[Por_sha911]

Over compensation. The result of anything ruled by panic instead of common sense. It reminds me of when we had the gas "crisis" in 1979-80. I was selling Lincoln/Mercury and people were trading in their Town Car or Grand Marquis for an Escort, Civic, or other econo-boxes. One year later they were begging for a way to get out of the Escort. It was too small and uncomfortable but they were now upside down.
Same thing happens in politics, the environment, even relationships.

[krystar]

there was a study done last year that basically said that changing passwords regularly doesn't do anything to improve security. when a password is compromised, the hacker isn't going to wait 2 weeks before using the password. it's going to be used within hours of the hack.

while it may be a good idea not to use anything that's on HR record, i don't think it makes two bits of difference to an outside hacker. they're not going to be checking out a employee's personal history to find passwords. they're going for system security exploits.

[GH85Carrera]

Yep, I hate managing all the passwords I use. I hope a inexpensive bio-metric system will hit the market soon.

I want my computer to KNOW it is me, and just log onto every system I use without bothering me about a password. And I want that totally secure, and so cheap it is just part of the system.

[sailchef]

Quote:

Originally Posted by aap1966

When general e-mail was introduced where I work, the password could be anything, literally anything (except "password") People tended to choose things easily remembered, mother's maiden names, street they grew up on, that sort of thing.
Not a huge challenge for the NSA, but a simple system that worked.

Then,,,, we had an IT review. "Not secure enough" "We must improve the passwords".....

So now the passwords have to be between 6 and 10 letters, at least 1 number, a mixture of capitals and lower case and automatically expire every 6 weeks. The system remembers your last 6 passwords so you can not re-use them.

Result? The notice board in the night office has a list where everyone writes their current e-mail password.

Yep, much more secure.

I keep all passwords for each of the 953 different sites I need to access on a clipboard hanging on the wall next to my computer. Its usually covered with a requisition sheet of some type, but yeh.....real secure.

[Por_sha911]

"I want my computer to KNOW it is me"

[Por_sha911]

Just use the same password for everything. Oh, wait, did I just say that in a public forum?

[BReif61]

Try 15 charachters: 2 capital letters, 2 numerals, 2 special charachters.

Oh, and it will expire in three months.

[stomachmonkey]

Bunch of years back my CEO, President and Co Chairman were resisting the need to have a PW policy.

So one morning I decided to play hacker for the day, let's see how many mailboxes I could get into.

I gave myself 3 simple criteria to try, default password, initials, b-day and a 4th which was if I knew something personal about them like the name of their sailboat, the tail number of their plane, pets name.

I got into more than 50% of the accounts that I tried, we are talking well over 100 accounts accessed.

I did not get into the Presidents but it really did not matter since I got in to 80% of the Sr Management/Executive accounts. We sent most of our mail to each other so almost all of his was exposed anyway.

Email security is a PIA but it's necessary. It'll never be 100% secure but you need to do whatever you can to try.

[sammyg2]

Quote:

Originally Posted by NotaBRG

Some of my 'smarter' users change their passwords 6 times when they are required to make the change, ending up with the password they started with.

ie if their password is currently Pelican01 they will change it to PeParts2, then to PPOT03, PParts04, OTopic05, Parf06, and finally Pelican01.

They can use the same passwords every time because it was no longer one of the last 6.

You can do that?
Who'da thunk ..............

[Brando]

I think this comic describes the security aspect...

[Head416]

Quote:

Originally Posted by NotaBRG

Some of my 'smarter' users change their passwords 6 times when they are required to make the change, ending up with the password they started with.

ie if their password is currently Pelican01 they will change it to PeParts2, then to PPOT03, PParts04, OTopic05, Parf06, and finally Pelican01.

They can use the same passwords every time because it was no longer one of the last 6.

You wouldn't get away with that at my work. That's why they invented "Minimum password age".

[id10t]

I'm much happier with a private rsa key and a passphrase. Unfortunately, ITS here likes to do the crazy thing, so for a while my passwords were variations on "f*ck its", in the hope that somewhere they were stored plain text ...

[red-beard]

About 10 years ago, GE started expiring passwords every 6 months. I came up with a system with a common word I used for a password many years before. I inserted a number in the middle which was incremented each time the password was changed. Over time, the requirement was mix of upper and lower and a special character. So those were added into the formula.

When I went to my next job, it was monthly changes...

Basically, I have the same password I used on a mainframe back 30+ years ago. And it is not likely to be guessed.

[MysticLlama]

The comic above was exactly what I was about to post until I scrolled down that far.

Most of my wireless passwords are long nonsensical phrases like that. People look at me funny when I pass them along, but they are long and unlikely to be guessed.

[VINMAN]

Quote:

Originally Posted by sailchef

I keep all passwords for each of the 953 different sites I need to access on a clipboard hanging on the wall next to my computer. Its usually covered with a requisition sheet of some type, but yeh.....real secure.

+1 I do the same. Between user names and passwords you can go insane.

[crustychief]

We started using common access cards with a chip in them when I was active duty Navy. You still had to have a password that would expire in a couple of months. I used the same method as red-beard.

[Rick Lee]

I have a MS Word file three pages long for all my passwords. My company won't even allow the same PW or PW format for the 20 or so internal sites I can still only access once on the VPN. It's a joke. FWIW, I've never even thought of using anything related to my name, b-day, address, SSN, etc. Why do people do that?

[Roosterrusek]

How about this....a study done to see how secure people are recorded that 60% of people who found a USB thumb drive on the ground put it in their PC. In thinking about it, I probably would too but talk about a good way to steal some info with self extracting program off of the thumb drive.

[wdfifteen]

I have a word file for each of my passwords and user names. I've got upwards of 100 now and it's a pain because I never seem to sync the file in all my computers and can't remember which one is the latest.
I've been told that it is more secure to have a different password and user name for each account because if you have one universal password and it gets out, all your accounts are in jeopardy. True?
Is that cartoon accurate? It would be great to use common words I can remember.