Heh

An anonymous reader sent me this graphic.  It’s said to be a “senior” trying to reset a password, but in my experience most of us, senior or junior, have all had moments like this.  Click the image for a larger view.

That’s one reason I switched to a password manager some years ago.  I have it generate new passwords when I need them, much longer than the minimum and containing a complex mixture of characters.  It remembers them for me, so I don’t have to!  I also change passwords on critical Web sites fairly frequently, to make it harder for scammers to access my accounts.
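The post's point about manager-generated passwords ("much longer than the minimum and containing a complex mixture of characters") can be made concrete. The following is an added example, not code from this blog or from any particular password manager: it generates a password from the operating system's cryptographic random source and computes how many bits of entropy a uniformly random string of a given length and alphabet carries, which is what makes length the dominant factor. The guess rate in `years_to_exhaust` is an assumed illustrative figure, not a measured one.

```python
import math
import secrets
import string

# The character set a manager would draw from: letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 24, alphabet: str = ALPHABET) -> str:
    """Generate a password with the OS CSPRNG via `secrets` (never `random`, which is predictable)."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    if length < 1 or alphabet_size < 2:
        raise ValueError("need a non-empty string over at least two symbols")
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Worst-case years to enumerate the whole keyspace at an assumed offline guess rate
    (1e10/s is a constructed figure for illustration, not a benchmark)."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # Compare a short lowercase password with a manager-style 24-character one.
    for length, size, label in ((8, 26, "8 lowercase letters"), (24, len(ALPHABET), "24 mixed chars")):
        bits = entropy_bits(length, size)
        print(f"{label:20s} {bits:6.1f} bits, {years_to_exhaust(bits):.3g} years to exhaust")
    print("example:", generate_password())
```

Eight lowercase letters give about 37.6 bits, which an offline attacker at the assumed rate covers in seconds; twenty-four characters from the full alphabet give about 157 bits, far beyond any feasible search. That gap, not the particular symbols chosen, is why a generated password the manager remembers for you beats any memorable scheme.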

Peter

12 comments

  1. Having spent years in .gov service, and going through those password drills, I have a specific sequence that I use and I also change my passwords regularly. I don't use anything that 'saves' my passwords, because if a hacker gets that, they get access to everything you have.

  2. Everybody loves to rag on Windows, but the password settings in Windows are very simple. Indeed, you can even have no password at all if you are the administrator (home user) and so desire.

    No, what this is, is a lighthearted description of your typical IT bullshit.

    I get it. IT administers a large network with many users and they don't want to get hacked because of some user stupidity. However, making password rules so onerous will cause users to do the simple thing, which is to write their password down on a slip of paper nearby – maybe even taped to the underside of the keyboard – thus rendering all of the onerous password rules moot.

    Before I retired, after having to suffer through this stupidity every 6 weeks, I finally came up with my own solution. I used a simple pass-phrase that followed all of the rules and was easy to remember – appended by a number. Then, when a password change was forced, I simply repeated the same phrase and incremented the number. I then wrote the new number down somewhere.

    Yeah, I know. It's not the best security, but by the time I had suffered through this for a few years, I really didn't give a damn if they got hacked. By the time I retired, my passphrase increment number was up to 64.

  3. What got me was each and every IT system had different rules for how often you had to change the password. Some were every 60 days, some every 90 days, some every 30 days. Not so bad right, just change them all every least common denominator. NOT.
    Some WOULDN'T let you use symbols while others made you use symbols, but only certain ones, and sometimes the 'certain ones' didn't overlap. I even had one system that had min AND max password size. It was nuts. I finally started writing them down, and ended up with 2 SINGLE SPACE TYPEWRITTEN PAGES of passwords.
    My solution to security of my passwords? Use a non-Windows password protected encryption program for that file so that I only had to REMEMBER ONE FRIGGEN PASSWORD.

  4. I like Craig's solution.

    Several years ago, twice in as many weeks I thought I had lost my flash drive. Which had a backup file of all of our Quicken data going back 20 years. I hadn't, but it worried me that it might yet happen.

    Acting on trusted advice, I encrypted a quarter of the flash drive, and moved all of the sensitive stuff into the encrypted portion. I've since encrypted two more quarters, so one quarter has the stuff I don't care if anyone sees, and the decryption program, and the other three quarters have the none-of-your-business stuff. And the password for the encrypted portions is a sentence which contains a non-word which is specific letters from another sentence.

  5. I have a formula, a heuristic, from which I can figure out any of my passwords. No need for a manager. Two exceptions, my bank and email accounts. Those are memorized and cannot be figured out.

  6. Interesting techniques. At work, I do the number-with-an-increment sort of thing, but with a twist: I make it so that it's not only a number (and given the length of time I've had my current job, I've gone through quite a few iterations), but I also combine it with a mathematical operation to add more digits.

    Motivated by vanity and pride, I would describe how I handle my password security at home, but I'm paranoid about computer security these days, so I won't do that. 🙂

  7. Most of the described password selection "techniques" are vulnerable to rainbow table attacks while physical access to the machine will also render your passwords useless through tools like Mimikatz or Kon-Boot. There is no really secure system and Windows is notoriously worse than others. Depending on your security requirements I'd recommend using a layered approach: use Linux, FreeBSD or even MacOS rather than Windows, encrypt your drives and use multi-factor authentication (U2F chip – they're pretty cheap and readily available – and password, for example). Of course, this may be too much overhead for a user, so you decide how much risk you want to accept…
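Comment 7 mentions rainbow tables. From the defender's side, a rainbow table is a precomputed list of hashes of candidate passwords, and it only works when a site stores hashes that depend on the password alone. The following added example (not code from this blog or from any of the commenters) shows the difference: an unsalted digest is identical for every user with the same password, whereas a per-user random salt plus a slow key-derivation function (PBKDF2-HMAC-SHA256 from the standard library) produces a different stored value each time and makes precomputation useless. The storage format string is an assumed convention for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Iteration count is a cost knob; a few hundred thousand is a reasonable order of magnitude today.
ITERATIONS = 600_000


def unsalted_sha256(password: str) -> str:
    """What a precomputed table targets: same password in, same hash out, for every user."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Derive a stored credential: 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' (assumed format)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user, stored alongside the digest
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("unsalted, user A:", unsalted_sha256(pw))
    print("unsalted, user B:", unsalted_sha256(pw))  # identical: one table lookup breaks both
    a, b = hash_password(pw), hash_password(pw)
    print("salted,   user A:", a)
    print("salted,   user B:", b)  # differs: a table would have to be built per salt
    print("verify ok:", verify_password(pw, a), "wrong rejected:", not verify_password("guess", a))
```

The salt is not secret; it is stored next to the digest. Its job is to make every stored hash unique, so an attacker cannot amortize one precomputation across all users, and the iteration count makes each remaining guess expensive.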

  8. There is no financial information on my computer nor links to any. If someone hacks into it, the most exciting things they will find will be nude cakes, yellow or chocolate. That is, they have not been frosted.

  9. I knew it was only a matter of time before someone came back with the usual "use Linux..". Yeah, try that with your IT department. At home, who cares.

    Most hack attacks are not password based anyway. Most of them nowadays are "phish" based. That is someone sends you an email purporting to be from Google or Paypal or FedEX requesting that you click on a link for something, and some goobers… Will Do It!

    Like "urban legend", I have no financial information on my computer. I do NO online banking – as in NONE – ZERO! Why? Because if a hacker hacks you, it is on you. If a hacker hacks the bank, it is on THEM!

  10. My favorite technique for creating passphrases is to pull a random part of a random sentence from a book, say… the Bible. In Latin. And then substitute numbers for some of the vowels.

    Easy for me to remember, but difficult for someone else to make sense of.
