Thursdays are the day of the week when I post some personal thought, but this week I’m thinking about passwords, so this will be a bonus “From the Help Desk” tip!
Password policies sometimes get out of hand. I understand the need to be secure, but I will never understand why we IT nerds make it so difficult for the rest of you. We require your password to be at least 8 characters long. It must meet 3 of the 4 following requirements: 1 (or more) upper case letter, 1 (or more) lower case letter, 1 (or more) special character, and 1 (or more) number. Oh, and it can’t be similar to any of your 25 previously used passwords. It can’t have more than 2 sequential letters or numbers (sorry, ghillieSuit123, you didn’t make the cut!), and if it includes an identifiable portion of your first or last name, it will be rejected. We also lock you out after multiple failed log-in attempts (to prevent others from “cracking” or “brute forcing” your password by going through the dictionary one word at a time).
Did you follow all of that? Me neither, and I’m one of those people responsible for making it all up. And that’s my problem with passwords. We make them so insanely complex that everyone needs to write down their passwords, defeating the entire purpose of the password. Now, it’s true, people mostly think that a slip of paper in a desk drawer isn’t a huge security risk in this day and age. Computer crimes, password theft, etc… it all happens in the ether when groups hack large databases and steal hundreds of thousands of passwords at a time (as was the case very recently at my regional power company). But if you think that nobody would ever try to break in and steal your computer, you’re sadly mistaken. And some may go far enough to look for the passwords to go along with it. These things do still happen.
Or, more likely, it could still just be as simple as a co-worker taking the information and impersonating you on the network and getting you fired. Anything can happen. We want your password to be secure, but I’m on your side: I hate that we make you change them so frequently. If we could trust you to just not give your password out, then you would have one password, and not have to write it down. It’s frustrating. But unfortunately, it doesn’t look like the “password policy” is going to change any time soon.
So here’s what you can do about it. There are some simple services that will help you adhere to password policies in effect where you work. One will help you determine if your password is strong (or generate a strong password for you to use). That site is at HowStrongIsMyPassword.com. A more fun website to see if you’re really safe is HowSecureIsMyPassword.net. This website really entertains me. You can put in your real password and see how long it’s expected that a modern computer would take to crack your password. My “work” password, according to the website, would take 102 million years to “crack” if a hacker were to try some sequential combination of characters (example: a? ab? abc? a-z? ba? bb? bc? and so on, until all possible combinations of letters, numbers, and symbols are exhausted). While it’s an impressive number, it’s all for naught if somebody can just look on my desk and find my password on a post-it on my monitor.
So just do your part to make your password fun. Most systems, like the computer in your typical office, will gladly accept characters such as spaces and even exclamation marks (“!”). I encourage you to write a sentence as your password. Try it! It’s easier to remember, and harder to guess – even if someone knows you. For example, according to HowSecureIsMyPassword.net, it would take 62 sextillion years to crack your password if you made it something as simple to remember as “This is my password!” Another simple password to remember could be “I listened to 45’s growing up!” – not an easy thing to guess, and to crack, it could take 24 duodecillion years! So go on, try it!
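To see why a sentence beats a short "complex" password under the sequential search described above (a, ab, abc, and so on), here is an added example that is not from this article or from either website. It runs entirely on your own machine, and the guess rate is an assumption, so its figures will not match the sites' numbers; it also says nothing about dictionary-based guessing.

```python
import string

# Assumed attacker speed (guesses per second); not a figure from the article.
GUESSES_PER_SECOND = 10_000_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600

# Character classes and their sizes; space is counted with the symbols.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}
OTHER_CLASS_SIZE = 128  # assumption for characters outside printable ASCII


def pool_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = sum(len(chars) for chars in CLASSES.values() if chars & set(password))
    known = set().union(*CLASSES.values())
    if set(password) - known:
        size += OTHER_CLASS_SIZE
    return size


def keyspace(pool, length):
    """Candidates of length 1..length: pool + pool**2 + ... + pool**length."""
    if pool < 2:
        return pool * length
    return (pool ** (length + 1) - pool) // (pool - 1)


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every candidate up to the password's length."""
    return keyspace(pool_size(password), len(password)) / (rate * SECONDS_PER_YEAR)


if __name__ == "__main__":
    # Constructed sample, the article's rejected example, and the article's
    # two sentence passwords (typed with a plain ASCII apostrophe).
    for sample in ["aB3$efgh", "ghillieSuit123", "This is my password!",
                   "I listened to 45's growing up!"]:
        print(f"{len(sample):2d} chars, pool {pool_size(sample):3d}: "
              f"{years_to_exhaust(sample):.3g} years  {sample!r}")
```

Each extra character multiplies the search space by the pool size, which is why the 20-character sentence outlasts the 8-character password that uses all four character classes.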
I would like to thank DarkMethod45 for sharing the “How Secure…” link with me, and inspiring part of this article.