Is anyone else here annoyed by password requirements?!!!

Is anyone else here annoyed by password requirements?!!!

Yahoo was repeatedly telling me that my password was invalid, due to falsely "recognizing" a pattern in the password similar to the user name. Some sites require numeric characters. Some require a combination of upper and lower case letters. Some require some sort of punctuation. And even worse, some require that passwords be changed on a regular basis.

Not only is this incredibly annoying, in the end, with all the password requirements and limitations, everyone needs to have a different password for almost every site, which requires recording the password somewhere. This in turn simply increases the chance of someone finding the recorded pass, thus decreasing security!

Does anyone agree that there needs to be a universal end to password requirements?!


If you don't find this annoying, or even if you do, how do you deal with this? Do you keep a text file of your passwords, or have it written down somewhere? And if it's written down, then you have to look it up every time you want to log in somewhere?

 

Yes, it gets frustrating. My damn bank requires me to change mine often. Some are case sensitive some are not... I understand the reason for it, especially as more business is done online.

I keep mine written down on a piece of paper under my keyboard. :-D Might type them in and email them to myself.

 

i use the same 2 or 3 passwords. an easier one for places like here and other forums, and more advanced ones for other places, like myspace, facebook. and even stronger for banks and other stores i might order from.

 

before you get upset think of what you are inputting and what a crook would do with that info.

 

Short answer, no. I work with servers and i use complex passwords for those. Alphanumeric passwords, combo of upper and lower case letters and different punctuation characters. Sometimes the requirements go a little overboard, but depending on what the password is for theyre necessary. I enforce a simple complexity rule for network users. Tends to be a 4 letter word, punctuation character, 4 numbers such as word$1111. Works great.

For recording passwords, i do write them down for documentation purposes. Also keep them on my iphone. I tend to remember them though.

 

Passwords are very sensitive, so keeping them safe is always the key point,
I just keep them in a single text file and protect the file with Password simple one that i can easily remember.
one bad thing of having a single password for most of your accounts or sensitive files is that once its hacked the person can have access to the rest of your account at ease.

its always good to change your account info regularly.
I don't look at that as a work load to me.

Victornous

 

I am a bit paranoid about sensitive data on my pc so i download it to a 16gb password protected flash drive and then erase it from the PC, all others are just protected with the same easy to remember password.

 

A friend of mine’s POP3 address password was hacked, and the so called hacker was using that email address for sending disgrace emails to his (my friends) friends and the management. He event changed the password.
Others hacks passwords not for the sake of earning monetary value but rather to thwart you in other ways.

Regards

Victornous

 

Not really. Yes, they are annoying, but they're a part of basic information security.

I'm annoyed that my visa cards have different pin codes as well, and I keep getting them mixed up, which gets embarrassing in stores. But I wouldn't want the PIN-protection on the cards removed just because it annoys me. It's there for a good reason, and a bit of annoyance is a small price to pay to keep my money safe.

What did he do?

I'm not mocking your friend, I'm asking a serious question. People don't hack into email accounts and send out incriminating emails without having a reason for it. Especially not that second, that sounds like it was personal somehow.

A friend of mine had her eBay account hacked, and in the process of restoring everything back to her, eBay's technical support warned her that it was most likely done by a keylogger on her computer. Having no idea what to do, she unplugged her internet connection and asked me to help her remove it. (I ran the Read & Run guide on her system while she made me dinner. LOL)

In her case it wasn't about what she did, but rather what she didn't do: Protect her computer properly. The only security software on it was Norton Anti-Virus, and it was two months out of date. No firewall, Spybot, or anything else. That's a bit like standing on a mountain top, holding a large copper pole, during a thunder storm, to the malware that sniffs around out there. In the interest of not having to come over and run scans for six hours again, I of course cheerfully told her she brought it on herself, and to not be so careless about her account information anymore. And then I lent her my laptop and told her to go through and change all her passwords, starting with the bank, while I installed a few things to her computer.

 

I don't know exactly what he did, but some times your own mates can take advantages of sabotaging your reputation in a company or Organization, that's i was expressing the issue of keeping passwords and changing them regularly as a serious issue.

 

I guess from the company's perspective, they get tired of dealing with "somebody hacked my account" complaints from people with overly simplistic passwords.

At the very least, there should be something universal about passwords, like allowing all keys, upper and lowercase, etc. That way, users can create their own personalized algorithm for each website.

And for christ's sake, yahoo needs to fix the way it detects the login name being used in the password. I was trying to set up an email acount "fredsmith1975" and it kept falsely saying that "grubby1" was too similar to the screen name. (name and passwords are hypothetical.)

 

Thanks, this is probably the most useful reply. I'm kind of tired of recording passwords, and having to look them up all the time. BTW, the recorded version of the passwords are in code, so I guess it makes it a little safer if someone were to find the password list.

Alright, so an individualized user-defined password algorithm. The trick though, is to create an algorithm that will work with all websites, so the algorithm itself will never change.

So the 'face81236' might be changed to become 'fAce81236!' to meet capitalization and punctuation requirements..... but some sites might not allow capitals or punctuation.....

If there shouldn't be a universal elimination of password requirements, maybe there should be the opposite, universal password requirements. That way each user could have their own complex password algorithm will work on all websites. That way every site would have a unique, complex password, and at the same time, the user would only have to memorize a single algorithm which could be applied to all sites. The password could even take into account the month, for those which have to be changed regularly.


Thanks for the help! Judging by your name, I think you're the right person to answer these types of questions :-D


I think I'll do some sort of password overhaul sometime soon and see if I can get an algorithm that works for all sites.

 

That would work very well.

The world seems to gradually and in a very disorganized way move towards that place though... I can't remember the last time I created a new password that was not case sensitive and required both letters and numbers.

 

Yes.
Exactly. Here we are 2 years later, and the problem remains the same. I have lost count of how many different passwords I have, and rely on sending myself emails on GMAIL, with account passwords that I can never remember.

Unfortunatley, this leaves me even more voulnerable, i believe, because now the strength of many different passwords is reduced to the strength of one password.

On top of all this, the only passwords I feel worthy of highly cryptic passphrases, are my online banking, remote desktop and email. However, the requirements for these are often weaker than requirements for forums, blogs, various web services, and even video games.

Now I fear simple losing accounts due to forgotten passwords, and being frozen because of numerous failed password attempts.

HOWEVER,

I disagree with "ending password requirements" What I would like to see, is instead of "password requirements" is "password possibility" so that when you make an account passphrase, it displays an example of the longest password length available on their system.
like:
Your p4ss.\/\/orc| ken lewk li|<e thi5.

and that would be an example of the longest password you can use on that system. So then the user would say "ok ill use w4t3\/er w0r|<s as my passphrase".

 

Foodcubes, I do alot of information researching and do find it annoying that for even small bits of information, and even just to explore a business that wants to sell you something, you have to have a password. Agreed for some things it is to protect you, but alot of this requirement to give your particulars is to gain leads for their sales dept., count their traffic for advertisers, so on. What with passwords for all banking, prof. orgs, everything computer, I look at remembering all this stuff as an aid to preventing senility in my advancing years.
Sheena