Simple password rules…

This is a bit of a rant after a wasted evening.

Recently I attempted to create an account at an educational institution that shall remain unnamed.  (I am associated with four similar institutions and they all take different approaches to creating user accounts.)  This one I found particularly interesting when it came to creating passwords. The following are the rules for creating a password that were presented after my first unsuccessful attempt. I particularly like numbers 4 and 5.

    1. Must be between 6 and 8 characters long.
    2. Must not match anything in your account information, (i.e. 3 consecutive characters from login name, fullname…)
    3. Must not have more than 3 repeated characters (For example, aaaa).
    4. Must not match certain patterns (i.e. license plate number).
    5. Must not fall into any of the above categories, when reversed, pluralized, or truncated.
    6. Must not contain the characters ‘&@#{}’.
    7. Must contain at least 4 unique characters.
    8. The first 6 characters must contain at least 2 alphabetic and at least 1 digit (0 – 9) or 1 special punctuation character.

Now is it just me, or do these sound like someone is getting carried away? My banking password instructions are not that complex! Don’t get me wrong, I understand the need for strong passwords but this kind of thing makes me crazy. Surely developers can find a reasonable compromise between security and usability?

Oh yes, I never did access my account; I now await a response from tech support. I wonder what the cumulative cost of these rules is to the institution in terms of support calls?
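To see how the listed rules interact, here is an added sketch (not part of the original post and not the institution's code) that checks a candidate password against the rules that are specified precisely enough to test. It assumes that "special punctuation" means Python's `string.punctuation`, skips rule 4 because the page does not define the patterns, and applies only the "reversed" case of rule 5 to rule 2; the account details and sample passwords are constructed.

```python
import re
import string

FORBIDDEN = set("&@#{}")  # rule 6

def violations(password, login, fullname):
    """Return the numbers of the listed rules that `password` breaks.

    Rule 4 is unspecified on the page and is skipped; of rule 5 only the
    "reversed" case is checked, against rule 2.
    """
    broken = set()
    pw = password.lower()
    if not 6 <= len(password) <= 8:                    # rule 1
        broken.add(1)
    for field in [login] + fullname.split():           # rule 2
        f = field.lower()
        grams = {f[i:i + 3] for i in range(len(f) - 2)}
        if any(g in pw for g in grams):
            broken.add(2)
        elif any(g in pw[::-1] for g in grams):        # rule 5, reversed
            broken.add(5)
    if re.search(r"(.)\1{3}", password):               # rule 3: run of 4 identical
        broken.add(3)
    if FORBIDDEN & set(password):                      # rule 6
        broken.add(6)
    if len(set(password)) < 4:                         # rule 7
        broken.add(7)
    head = password[:6]                                # rule 8
    letters = sum(c.isalpha() for c in head)
    others = sum(c.isdigit() or c in string.punctuation for c in head)
    if letters < 2 or others < 1:
        broken.add(8)
    return sorted(broken)

# Constructed account details and candidate passwords, for illustration only.
SAMPLES = ["correct horse battery staple", "Tr0ub4dr", "htims42!", "aaaa1b", "p@ssw0rd"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        print(f"{candidate!r}: breaks rules {violations(candidate, 'jsmith', 'Jane Smith')}")
```

The long passphrase is rejected on length alone, while a short mixed string with a digit passes every check that can be tested.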


About Thom Kearney

Change agent, teacher, arts, science, open government, father, mentor, storyteller, husband, dog owner, collaborator, not necessarily in that order.
