Sunday, March 30, 2008

Password UnProtected

Doesn't it seem these days that passwords are getting less secure? When an effort is made to make them more secure... by forcing us to have longer, more complicated, harder to guess and harder to remember passwords, and changing them frequently--doesn't that ultimately make them less secure?

Here's why I think so. At work I have a personal password to get onto the network, and then I have to use another password to get onto the payroll system. One needs to be changed every two months, the other the same amount of time but it's on a different schedule--and I can't use the same password for both of them.

So every two months I have to change my password, it has to be a certain length, have at least one capital and one lowercase letter, and also a number or special character.

This is getting difficult to remember! Every couple of months I have to change my password to something obscure... and then I come in the next day or after a weekend or something and have to remember it! And I can't! So I've had to start writing down cues on little sheets of paper by my desk so I can remember them. I don't think I'm alone in this... but I think that being unable to remember these passwords is really counterproductive in the effort to make them more secure.

Plus I'm tired of continually changing it.

8 comments:

Malak said...

Asalaamu Alaikum Amy,

You are so right on! I have 10 passwords for work alone. Not to mention banks, numerous bills, emails, etc. It's ridiculous!!

I forget mine all the time. There is one web-based program we use called SalesForce. I forgot my password and it locked me out. It tells me to contact my local administrator. I AM the local Admin!!! LOL........oy vey.

Marcelle

Anonymous said...

As-Salaamu 'alaikum,

I have a handful of passwords and I use about three for most of my business. One habit to definitely get into is not to use the same password for encrypted logins (that means any site where the location bar turns yellow, or where a padlock sign appears, when you log in; Yahoo, eBay and any site which involves money use encryption) as you use for other websites, including most content management sites (NOT including Blogger and TypePad). I have personally had my eBay account cracked by someone and got complaints from other users about the cracker's behaviour, and that was the only way I can think they got into my account. How I got it changed is a whole other story which I told here.

Amy said...

Wa alaikum as-salaam

You know, I wasn't even thinking of all these other accounts like eBay and banks and PayPal and who knows what else. I'm having trouble just remembering user IDs now, not to mention passwords. And I frequently have to have them changed or emailed to me--not just at work, either.

It just seems a little ridiculous to me.

Anonymous said...

One thing to keep in mind: it is easier to secure a piece of paper than it is to secure a computer account. Keep your passwords on a piece of paper that never leaves your side, is well hidden, or is locked in a safe.

ameir said...

There are programs that let you store confidential information (passwords, social security numbers, bank account numbers, etc.) and then encrypt them. This way you only need to remember one password to open the program and then you can access all your info right there. Since I have a Mac I use Wallet (http://www.waterfallsw.com/wallet/) but I'm sure there are some for Windows as well.

Amy said...

Thanks for the tip Ameir.

Anonymous said...

Another idea is to use some sort of equation to generate passwords according to certain events you know very well. It could be helpful in the case of periodically changing passwords, and then you just remember the equation. LOL. There are other ideas for different types of passwords.

Unknown said...

Hmm, my uni has the same thing... except that u have to change it every 5 weeks. It starts giving u a heads up after 3 weeks, and u can't keep ur last 25 passwords.
It's uber annoying! But ur specifications r even more so.