2005-04-22

|n\/a1id Pa55w0rd

I set up my NetID for Syracuse this morning before class, and the process confirmed my suspicion that computer administrators' expectations for having "hard to guess" passwords are getting way out of hand. Back in the mid-90s many servers would let you use pretty much anything over four characters. Granted, you could be stupid and use something guessable (say, password), but you could be smart and use a phrase that means something to you and you alone (say, elvis24). Around 2000, though, many systems started being choosier, but for the most part requirements were reasonable. A seven character minimum or requirement of letters and numbers would prevent you from using password or j0hn, but still allow elvis24. In the past couple years, however, password requirements have become increasingly strict and are now downright ridiculous at times. Businesses like Amazon.com don't want to irritate their customers, so they're easier going, but school servers are the domain of the nerdiest of the computer nerds, and no one is more paranoid about password security than ultra-nerdy computer nerds. Look what I had to face this morning:

Rules for a Good Password

· The password must be 7 or 8 characters.
· The password must include at least one lowercase letter.
· The password must include at least one uppercase letter.
· The password must include at least one number.
· The password must include at least one non-alphanumeric character from this list:
` ! # $ & * ( ) - _ = \ | [ ] ' ; : / ? . ,
· At least 4 characters must be different.
· The password must avoid any known word.

Examples of a password that will NOT pass: a2b!ccd!, zab!bcd#, a*a*a*a*
Examples of a password that will pass: Abc!jk1!, D1ngd!ng, B*12fr*g
I think we've got some major concerns if zab!bcd# is not sufficiently secure. And is Rock_00- really less secure than oRck_00-?
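A checker for the rules quoted above, added here as an illustration and not code from the post or from the Syracuse system. The "known word" dictionary is a small constructed stand-in (the real one is not on the page); with it, the listed failing examples fail, the passing ones pass, and Rock_00- is rejected only by the known-word rule while oRck_00- slips through.

```python
"""Validator for the NetID password rules quoted in the post.

Example code written for this page. KNOWN_WORDS is a constructed,
illustrative dictionary; the real system's word list is unknown.
Each rule is checked separately so a caller can see *which* rule
rejected a candidate rather than just a yes/no answer.
"""

# Exactly the punctuation the posted rules allow (note: no @, %, + or ^).
ALLOWED_SYMBOLS = set("`!#$&*()-_=\\|[]';:/?.,")

# Constructed stand-in for the "known word" dictionary (assumption).
KNOWN_WORDS = {"rock", "ding", "frog", "password", "elvis"}


def check_password(pw, words=KNOWN_WORDS):
    """Return the list of rule violations (an empty list means it passes)."""
    failures = []
    if not 7 <= len(pw) <= 8:
        failures.append("length must be 7 or 8")
    if not any(c.islower() for c in pw):
        failures.append("needs a lowercase letter")
    if not any(c.isupper() for c in pw):
        failures.append("needs an uppercase letter")
    if not any(c.isdigit() for c in pw):
        failures.append("needs a digit")
    symbols = [c for c in pw if not c.isalnum()]
    if not symbols:
        failures.append("needs a non-alphanumeric character")
    elif not all(c in ALLOWED_SYMBOLS for c in symbols):
        failures.append("symbol not in the allowed list")
    if len(set(pw)) < 4:
        failures.append("fewer than 4 distinct characters")
    # Known-word rule: any dictionary word of 3+ letters appearing as a
    # case-insensitive substring rejects the candidate. Digits or symbols
    # inside the word (D1ng, d!ng) defeat this simple check.
    lowered = pw.lower()
    hits = [w for w in words if len(w) >= 3 and w in lowered]
    if hits:
        failures.append("contains known word(s): %s" % sorted(hits))
    return failures


def passes(pw):
    """True when the candidate violates none of the quoted rules."""
    return not check_password(pw)


if __name__ == "__main__":
    for candidate in ("a2b!ccd!", "zab!bcd#", "a*a*a*a*",
                      "Abc!jk1!", "D1ngd!ng", "B*12fr*g",
                      "Rock_00-", "oRck_00-"):
        print(candidate, check_password(candidate) or "PASS")
```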
