I am bad at remembering words.
Seriously. Back at the school I could never remember any poems, or my role in play, or theorems. These always took me days to memorize, and I forgot them anyway. Well, at least today I don't have to remember these word-by-word. But there are still words I have to remember - passwords.
We all know the rules for good passwords. Use different passwords for every site, make sure your password is hard to guess and find, never write it down or share it. These are the basics. How does it look in practice?
At my job in TR I need access to systems protected by 9 distinct authentication databases on a daily basis. The requirements between them differ, but at least 4 have:
- Password needs to be changed every 90 days
- Password must have at least 15 characters
- Password must have characters from at least 3 of character categories (uppercase, lowercase, digits, punctuation)
- Password must not be similar to any of the previous passwords
Okay now. After 3 years in the company I've run out of ideas for memorable passwords. Seriously. I've spent an hour looking at the screen, trying different combinations, all I got was - too similar to one of the previous passwords.
My way out of this was - type a bunch of random characters, make sure the constraints are met, use the result as a password, write it down in a file. This is wrong for various reasons. I can't access the services from any machine without this file. If I lose the file, I'll lose access to the systems. If someone gets the file, I won't even notice.
Am I the only one with such problems? Well, probably not. NIST (US government agency) is formulating a set of password rules to help design authentication systems where passwords actually have a purpose. And yay, there it is - "No more expiration without reason". When that goes in, I may actually invent one more password worth remembering.
Also, if you were wondering about this post's title. It's an actual Microsoft error message that I found while reading The Best Interface is No Interface. That's one great book about user experience engineering, so if you are interested in that subject, go get it.
No comments:
Post a Comment