Sunday, April 05, 2009

Being Told That Your Password Isn't Rigorous Enough

It's been kind of a chore, over the years, to keep track of all my passwords. I don't want them all to be identical, and yet if I had 10 or 20 different ones there would be no way to remember them all. I do have about 5 passwords that I use, and they're all related to each other. So if I forget my log-on for some email account or customer-ID or something, it's a quick question of cycling through the list.

But I do have to gripe just a bit about these passwords at work. At any job where they give you a computer and a log-on, you're going to have to create passwords. Back in the olden days, you could pick whatever password you wanted. Then they started to tighten the rules. It had to be at least 8 letters. Fine. It had to contain at least one number. Well, okay. It had to contain both upper and lower case. Errr. And it had to be changed once a month, and could never be replaced with a previously used password.

Well, Jesus Christ. So it has to be Mnz8sJk9, and you have to change it once a month. Putting aside the ridiculous notion that anyone would a) want to hack my work PC, or b) be thwarted at the last moment by my ingenious use of upper case, consider the following:

We are not robots. We cannot memorize multiple nonsense passwords, and then start fresh every month. I brought this up to my boss, who said, "Oh, just use 'Password1'. And then next month, 'Password2', and so on. It's what everyone does. It's easy." Good idea. And that's exactly what I do now.

But you just have to note the irony. This ultra-secure, super fool-proof set of password requirements that was put in place to guarantee impenetrable ciphers of dazzling complexity... has instead resulted in everyone, EVERYONE, using the most obvious password you can possibly think of. Don't you just love that? Isn't this a great argument for just leaving people the hell alone?
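
Added example, not part of the original post: a Python sketch of the rules listed above, showing that the Password1, Password2, ... sequence passes every one of them, along with a check a defender could add to catch it. The function names, the small blocklist and the plaintext history list are assumptions made for illustration.

```python
import re

def meets_policy(password, history):
    """The rules as the post lists them: 8+ characters, a digit,
    upper and lower case, and never a previously used password."""
    return (len(password) >= 8
            and re.search(r"\d", password) is not None
            and re.search(r"[a-z]", password) is not None
            and re.search(r"[A-Z]", password) is not None
            and password not in history)

def base_form(password):
    """Lower-case and drop trailing digits, so Password1 and Password2 match."""
    return re.sub(r"\d+$", "", password.lower())

# Constructed sample blocklist; a real one would be far larger.
COMMON_BASES = {"password", "welcome", "qwerty", "letmein"}

def rotation_weakness(password, history):
    """Return a reason if the password is a predictable rotation, else None.

    Assumption: history holds plaintext for illustration only. A real system
    stores hashes and would compare against the current password, which the
    user types in at change time."""
    base = base_form(password)
    if base in COMMON_BASES:
        return "common base word"
    if any(base_form(old) == base for old in history):
        return "previous password with a new number"
    return None

def simulate_year(base="Password"):
    """Monthly rotation using base + month number; returns what the policy accepts."""
    history, accepted = [], []
    for month in range(1, 13):
        candidate = f"{base}{month}"
        if meets_policy(candidate, history):
            accepted.append(candidate)
        history.append(candidate)
    return accepted

if __name__ == "__main__":
    print(simulate_year())                                # all twelve pass
    print(rotation_weakness("Password2", ["Password1"]))
    print(rotation_weakness("Mnz8sJk10", ["Mnz8sJk9"]))
```
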