Those do make good passwords though. Had a company switch from 10 characters including special, caps, numbers lower upper requirements to 15+ with no requirements because it still would end up being harder to crack. Started using phrases where you could even put spaces, but in all lower case for me if was much quicker to type
Tangerine$45 is much harder for me to type than
whatthefuckamidoinghere
I think it’s because I have to pause to think shift 4, then hit 4 and remember if my fingers are still by the 4.
All just examples but the standard keys… Are all automatic for me because of use.
I don’t blame anyone for forgetting their password—it’s a dumb system, having to memorize 100 separate 16-digit randomly generated base64 codes that change once a month. However, I do blame them for not using a password manager, and I do blame them for making their problems other people’s problems.
Ours isn’t like that at all. They dont even have to change it every three months. The insecurity is crazy here and they still can’t remember the same password they’ve had since before I started working here.
Forcing password changes too frequently is actually a security risk, as it encourages bad practices like re-use, iteration, keyboard walks and writing the passwords down.
There are reasonable limits to impose on this, and educating users with demonstrations such as haveibeenpwned have been highly effective in my experience.
I was against you until password manger. good save. I login to dozens of systems every day, I remember 2 passwords, all others are 16 character gibberish.
However, I do blame them for not using a password manager
Managing the passwords in your password manager becomes a job in and of itself when you’ve got enough of them floating around. My office is on year two of trying to do automatic password rotation for the myriad of service accounts in our systems. Anything that’s not Active Directory integrates is a headache. And even the ones that are have to constantly stay ahead of the Microsoft Updates curve or run into security problems of all sorts.
It would be cool if everything could be SSO, but you need to have a certain amount of faith in your OS to accomplish that.
Some millionaire in my office: “Hey, Sanctus, what’s my password for my computer again?”
Me, who can barely afford to fix my car: fights the urge to use a letter opener as a weapon
That’s a really long password no wonder they forgot it.
Sick entropy, though.
Horse battery staple moment
Got me, haha. Thanks for the laugh.
Those do make good passwords though. Had a company switch from 10 characters including special, caps, numbers lower upper requirements to 15+ with no requirements because it still would end up being harder to crack. Started using phrases where you could even put spaces, but in all lower case for me if was much quicker to type
Tangerine$45 is much harder for me to type than whatthefuckamidoinghere
I think it’s because I have to pause to think shift 4, then hit 4 and remember if my fingers are still by the 4.
All just examples but the standard keys… Are all automatic for me because of use.
My most secure password is a full phrase of over 40 characters, plus punctuation.
I don’t blame anyone for forgetting their password—it’s a dumb system, having to memorize 100 separate 16-digit randomly generated base64 codes that change once a month. However, I do blame them for not using a password manager, and I do blame them for making their problems other people’s problems.
Ours isn’t like that at all. They dont even have to change it every three months. The insecurity is crazy here and they still can’t remember the same password they’ve had since before I started working here.
Forcing password changes too frequently is actually a security risk, as it encourages bad practices like re-use, iteration, keyboard walks and writing the passwords down.
There are reasonable limits to impose on this, and educating users with demonstrations such as haveibeenpwned have been highly effective in my experience.
I was against you until password manger. good save. I login to dozens of systems every day, I remember 2 passwords, all others are 16 character gibberish.
Managing the passwords in your password manager becomes a job in and of itself when you’ve got enough of them floating around. My office is on year two of trying to do automatic password rotation for the myriad of service accounts in our systems. Anything that’s not Active Directory integrates is a headache. And even the ones that are have to constantly stay ahead of the Microsoft Updates curve or run into security problems of all sorts.
It would be cool if everything could be SSO, but you need to have a certain amount of faith in your OS to accomplish that.
Your password is “giveMeFuckingRaise!1!1”