Slashdot Mirror


Are Often-Changed Long Passwords Really Secure?

Zweistein_42 asks: "I work at a large, navy-coloured IT corporation. A new, more secure password policy has just taken effect and will be strictly enforced: 8 characters alphanumeric, changed *every 90 days*, with standard checks for non-repetitiveness, dictionary, uniqueness, etc. Is there any research to support whether such requirements actually increase security?" "I have almost a dozen applications I use daily (e-mail, VPN, Windows login, intranet, FTP, etc), plus 20-30 I access 'occasionally', and their passwords have to be unique - and change at different times. I usually take the trouble to memorize random alphanumeric, un-guessable combinations; but even I won't bother memorizing an average of 2 random strings a week. Eventually, won't most people use their pets' names (fuzzy1cat, fuzzy2cat, etc) and start writing passwords on a note on their screen?

Every time I see such a policy, I strongly believe it makes *my* passwords less secure. What is the average user's reaction? What about lost & support time trying to regain forgotten passwords?"

4 of 233 comments

  1. My voice is my passport.... by MikeyToo · Score: 5, Funny

    verify me.

    --
    "Well Ranger Brad, I'm a scientist. I don't believe in anything." - Dr. Roger Fleming
  2. Translation by skinfitz · Score: 4, Funny

    Is there any research to support whether such requirements actually increase security?

    Translation: I can't be bothered changing my password and am too dumb to come up with arguments against this policy to give to my boss on my own.

  3. Company handed me passwords..accidentally by dmorin · Score: 4, Funny

    The bank I worked for implemented a "change your password every 60 days" rule the same year they handed us one of those motivational desktop calendars that had a word of the month like "teamwork", "integrity", and so on. The password checker would not let you repeat your previous passwords, but it did NOT check for dictionary words! So whenever it nagged me to change words I would just reach up to the desk calendar, flip over to the next month, and type in the word of the month. Certainly solved the "where can I write it down" problem. Anybody walking into my office would just think that I did not keep the calendar up to date.

  4. Re:This is the reason by Phleg · Score: 4, Funny

    Excuse me, sir, but I believe you spelled ridiculous correctly. This is Slashdot; the correct use is "rediculous".

    --
    No comment.
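
An added example, not part of the Slashdot thread or any poster's code: a password-change check that covers the two gaps the thread describes, the numbered variant (fuzzy1cat to fuzzy2cat) and the history-only checker in dmorin's comment that accepted plain dictionary words. The function names, the tiny word list and the PBKDF2 work factor are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import re

# Constructed word list for the demo; a real checker loads a full dictionary.
DICTIONARY = {"teamwork", "integrity", "password"}
ITERATIONS = 100_000  # assumed work factor for this sketch


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def remember(history, password):
    """Append a salted hash of `password` to the history list."""
    salt = os.urandom(16)
    history.append((salt, _hash(password, salt)))


def skeleton(password):
    """Lowercase and drop non-letters: fuzzy1cat and fuzzy2cat both give 'fuzzycat'."""
    return re.sub(r"[^a-z]", "", password.lower())


def check_change(current, candidate, history):
    """Return the reasons to reject `candidate`; an empty list means accept.

    `current` is the password the user just typed to authorise the change,
    so the variant check needs no stored plaintext.
    """
    reasons = []
    skel = skeleton(candidate)
    if len(candidate) < 8:
        reasons.append("too short")
    # Exact reuse: compare against every salted hash kept in the history.
    if any(hmac.compare_digest(_hash(candidate, s), h) for s, h in history):
        reasons.append("reused")
    # Only the digits or punctuation changed relative to the current password.
    if skel and skel == skeleton(current):
        reasons.append("variant of current password")
    # A dictionary word, with or without digits tacked on.
    if skel in DICTIONARY:
        reasons.append("dictionary word")
    return reasons
```
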