Passwords

sbfluter · Post by **sbfluter** » Tue Jan 22, 2008 5:08 pm

Has anyone ever invented anything less secure than passwords?

I have to use a password to log on to my PC. Once in, I have to use a password to log into the version control system, the 2 different project tracking systems I use, the wiki we use for a knowledge base, the UNIX system, the horrid SAP system where I fill out my time sheet, the instant messaging system, and my voice mail. God forbid if I have to use the software that we make. That's more passwords. I'm surprised there's not a password on the toilet.

The other day I couldn't log into the SAP system (which requires several different things to log into just to get into it.) So I had to call the help desk. They reset my password and left the new password on voice mail. I went to my voice mail to listen to my new password, and got a message that my voice mail password had expired. I nearly had a mental breakdown.

MESSAGE TO THE GEEKS: THERE IS NO SUCH THING AS SECURITY! The harder you make it the less secure it becomes.

I have to keep a list of all my passwords next to my computer just to get through the day. They have us changing them all every few weeks on schedules that do not match so there's no way to remember them because they change too often and they have silly rules where you can't reuse them. And god forbid you guess wrong 3 times! Now you'll have to call the help desk and get it changed again.

There has to be a better way. Geeks say that you have to train people better and force them to use lots of funny characters, numbers and capital letters and make them change them frequently. HA! The harder they make it the more likely we human beings are to have post-its all over the monitor with our passwords!

Message to geeks: Stop thinking like computers and start thinking like people.

Thank you for listening.

mutepointe · Post by **mutepointe** » Tue Jan 22, 2008 5:25 pm

To make my life easier with passwords, I came up with this system:
1. I have a theme to my passwords (like Chocolate Bars or Cigarettes.) That helps.
2. Then they came up with that crazy capitol letter/number/symbol system. I beat that one too. I put the two-digit number of the month right smack in the middle of the word. I capitalize the second digit of the number and I capitalize the first letter of the last half of the word. Here is what snickers would look like in January snic0!Kers. This is what snickers would look like in Februrary snic0@Kers.
3. This has worked for years. Whenever I do made a mistake, I come up with a new password with the same theme with an even number of letters.
4. I get to change all my passwords on a monthly basis.
5. I haven't had that random password change thing happen yet. I'll have to figure out some system for that too.

missy · Post by **missy** » Tue Jan 22, 2008 5:45 pm

I use the same password as long as I can. I will add a number to the front of it for a while, then when forced to change it (one of our systems makes you change it every 45 days, not 45 log ins), I put the next number at the end instead.

Ours have to be at least 8 characters, alpha-numeric, and at least on the email, it "judges" if it's "complicated" enough or not.

On a typical day, I have:
computer turn on password
Novel password
Intranet password
Outlook password
Communicator password
Notes password (we're finally getting rid of that thing next week!)
System password. We have 7 instances - 4 Production / 1 QA / and 3 test boxes that I try to keep synched. We also have 18 admin accounts on each of these.
SAP password
Several other intranet databases that require separate log ins and passwords.

Then there's:
home email
several boards besides C&F
eBay
Pay Pal

AAAHHHHHHHHHHHH (hey - wonder if that would work as a password??)

Charlene · Post by **Charlene** » Tue Jan 22, 2008 8:59 pm

I don't use post-its - I've got a list of passwords in Excel that I printed out and keep next to my computer.

Of course, this is my computer at home, and if anyone breaks in and finds my list I'll have more problems than just passwords! I also have a list kept on my e-mail in a folder but that's just for silly things like the surveys I fill out. Haven't been forced to change my e-mail password so it's the same one I started with many years ago. The bank requires a change of password every 3 months so I have a system for that.

kkrell · Post by **kkrell** » Wed Jan 23, 2008 2:02 am

mutepointe wrote: 2. Then they came up with that crazy capitol letter/number/symbol system. I beat that one too. I put the two-digit number of the month right smack in the middle of the word. I capitalize the second digit of the number and I capitalize the first letter of the last half of the word. Here is what snickers would look like in January snic0!Kers. This is what snickers would look like in Februrary snic0@Kers.

I'm sorry, but your passwords now need to be a minimum of 12 characters long, and must start with a number. Oh, and at least * 2 * characters must be Capitals.

Innocent Bystander · Post by **Innocent Bystander** » Wed Jan 23, 2008 2:59 am

One of my passwords which changes monthly is now set to take the month in Irish. It has become a teaching aid.

The best ever password my customers chose was

Yos2btbdo!

which is nonsense until they tell you the password is "You're only supposed to blow the bloody doors off!" from The Italian Job.

If you use the same principle on lines of poetry, you can have your password schedule for the year on the wall by your desk, and no-one will give it a second glance. "I wandered lonely as a cloud..."

gonzo914 · Post by **gonzo914** » Wed Jan 23, 2008 7:08 am

I use the numbers and symbols to spell out obscenities, such as @~~H01e or $H1+he@d. My work is set up for a single password for everything, so when I change it for my email, it changes for every system I have to use. If your IT can't do that, too, they are either incompetent or lazy or just plain evil or a combination of the the above.

Enclose · Post by **Enclose** » Wed Jan 23, 2008 7:19 am

I just use the same password on everything. It would mean serious trouble if I forgot that one though :p Although that's unlikely to happen as I've been using it for 7 years now

fyffer · Post by **fyffer** » Wed Jan 23, 2008 10:02 am

I'm surprised no one has mentioned PasswordSafeyet.

Where I work, it's a Godsend.

I.D.10-t · Post by **I.D.10-t** » Wed Jan 23, 2008 10:30 am

One style of password, or perhaps more accurately “pass phrase” that I wish could be included is one that changes depending on what information is given.

The example I have seen in the past is the total must =20

The challenge would be 12 and the answer would be 8 because 12+8=20 (in base 10).

So the total password challenge would be

Password______________
Challenge:57 __________

BrassBlower · Post by **BrassBlower** » Wed Jan 23, 2008 1:16 pm

To quote a detective on one of those forensic TV shows:

"A computer is about as secure as a wet paper bag."

Post by **Dale** » Wed Jan 23, 2008 1:37 pm

mutepointe wrote:To make my life easier with passwords, I came up with this system:
1. I have a theme to my passwords (like Chocolate Bars or Cigarettes.)

I noticed that about you. I just hacked your checking account with the password

snickersandunfilteredcamels

crookedtune · Post by **crookedtune** » Wed Jan 23, 2008 1:37 pm

fyffer wrote:I'm surprised no one has mentioned PasswordSafeyet.

Where I work, it's a Godsend.

We put it in a few months ago. It's great for my work-related stuff.

For personal stuff, like websites, I try to use the same few for almost everything. But I do keep an encrypted document on a USB drive that contains a lot of passwords. I know, not very secure....

mutepointe · Post by **mutepointe** » Wed Jan 23, 2008 2:27 pm

Dale wrote:
mutepointe wrote:To make my life easier with passwords, I came up with this system:
1. I have a theme to my passwords (like Chocolate Bars or Cigarettes.)
I noticed that about you. I just hacked your checking account with the password

snickersandunfilteredcamels

since you know my account balance, perhaps you could change "savedarfur" to "savemutepointe." i gracefully decline the free rice. we have more rice than china at our house. and those little packets of soy sauce too.

sbfluter · Post by **sbfluter** » Wed Jan 23, 2008 2:43 pm

I have a system, too. The trouble is that some passwords require special characters and others forbid them. So my system allows for my systematic special characters to be tacked on at the beginning or end. Some require and some forbid numbers, so I do the same with them. That way I can keep a list next to my desk with just a hint.

But with them always requiring me to change them on various unrelated time schedules means that they never match so it's difficult to remember which one is at what rotational or extended character stage in my system.

I therefore agree that our IT department is incompetent or evil. As they all are.