Mandatory New Passwords
Posted: Fri Jan 14, 2005 11:58 am
I don't think mandatory new passwords every 30 days works. Here's why.
We have a password that won't save itself to IE that we use for the on-line recording of our hours at work. So I have to type it in each time. Fantastic! That means I'll memorize it.
There were restrictions for the password. You had to have capital and lower letters, a number, an odd character like #, $, %, ^, & and so forth and it had to be a certain length.
My password was "NATsemi@123". It fit all the requirements.
Now they're only good for 30 days thanks to the dipshit decision of some mert in IT several states away. Now, once a month, I have to change it to something completely new.
Well Christ! I couldn't just change it to "NATsemi@234" because that wasn't "unique enough." I'll let that howler ring clear and true for a moment. It wasn't unique "enough." It had to be completely different while still following the aforementioned laundry list of rules.
I'm not memorizing a new password every thirty days as wild as that, especially if forgetting it means I don't get paid. So I did what anyone reasonable would do -- I picked a new one and wrote it on my white board next to my computer. Anyone can now see that "LOVEcraft!890" is now my password.
So basically the moron who instituted this change-every-thirty-days policy got me to go from a password stored safely in my mind to one which is present on my whiteboard for anyone to use if suddenly they want to make me look like I put 80 hours in instead of 50.
Great work there.