Complicated password policy failure

By | April 8, 2011

In most bigger companies, and for some commercial websites, you have to create what they like to call a strong password. Normally this will mean your password has to be at least 5 characters long and contain at least one number. Nothing wrong with that, and I can usually make a password that I can remember.

However, lately I believe companies are pushing us to reach new levels of our brain or something. I’ve been seeing more policies where you have to have numbers, letters, special characters and capitalized letters in it. Oh, and to top it off, it can’t be a password you had in the past, or an incremental version of one (eg: test1 to test10).
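The policy described above, written out as a checker (an added example, not code from the original post). It assumes the minimum length of 5 from the earlier paragraph and interprets "incremental version" as the same stem followed by a different trailing number, as in test1 versus test10.

```python
import re
import string
from typing import Iterable, List

# Assumed interpretation of the policy quoted in the post: a minimum length,
# at least one digit, one letter, one upper-case letter and one special
# character, and no reuse or "incremental version" of an earlier password.
MIN_LENGTH = 5

_TRAILING_DIGITS = re.compile(r"^(.*?)(\d+)$")


def _stem(password: str) -> str:
    """Strip any trailing run of digits: 'test1' and 'test10' -> 'test'."""
    m = _TRAILING_DIGITS.match(password)
    return m.group(1) if m else password


def is_incremental_variant(candidate: str, previous: str) -> bool:
    """True when candidate differs from previous only in a trailing number."""
    return candidate != previous and _stem(candidate) == _stem(previous)


def check_policy(candidate: str, history: Iterable[str]) -> List[str]:
    """Return every rule the candidate breaks; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in candidate):
        problems.append("no digit")
    if not any(c.isalpha() for c in candidate):
        problems.append("no letter")
    if not any(c.isupper() for c in candidate):
        problems.append("no upper-case letter")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special character")
    for old in history:
        if candidate == old:
            problems.append("reuses a previous password")
            break
        if is_incremental_variant(candidate, old):
            problems.append("incremental variant of a previous password")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample history; the post's own example is test1 -> test10.
    print(check_policy("test10", ["test1"]))
```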

Now let’s examine how useful such a policy is. I used to have pretty strong passwords, hard to guess and difficult to crack. Now that my passwords have to be so complicated, I’m resorting to putting post-its on my screen with the passwords again. Very insecure and very easy to hack.

