
Password requirements

5.2K views 31 replies 20 participants last post by  MadMotoUK  
#1 ·
To the buffoons who make up password requirements for internet sites - I hate you. I hate you with a deep and abiding loathing which, were you able to sense it, would keep you awake at night. It would eat away at your very psyche, like a constant itching at the back of your brain. Which is, coincidentally, the sensation your work causes in me.

In no particular order*, these are some of the elements which you demand which contribute to your slightly increasing the misery of every person unlucky enough to chance upon your nonsensical creations.

(*That's a lie. This first one is particularly annoying me currently):

The requirement that your password cannot be one you have used previously. That is EVER previously, not just it can't be the last few. The point of a password is to be easy to remember but hard to guess. If you, over time, make it forbidden for me to use EVERY word or number which is memorable to me, then how is it supposed to be easily remembered? Shall I tell you how? Shall I tell you the immensely secure situation this creates? IT'S WRITTEN ON A POST-IT NOTE STUCK TO MY MONITOR YOU BLITHERING IMBECILES.


Have a set format that the password needs to be in. Don't tell me what this format is when you're trying to remember the password. In fact - even better - don't tell me what this format is when I'm choosing it in the first place until I enter one which isn't compatible.

Have more than one page for passwords / PINs. Have these arranged so that something like Google password manager sees them as the same field, so you can't save them both.

Don't allow spaces.
 
#4 ·
It does occur that to maintain the rule that you can't ever re-use a password, they must be storing every password I've ever entered somewhere! I'm not very happy about them doing that!
 
#5 ·
To be fair - I expect they just use a trapdoor method to encrypt your chosen password and then check if it matches any previous encryption value. Since these can't be reversed back up to text then all they are storing are meaningless encryption patterns to match against.

ANYWAY - apart from that - I fully agree with your rant. I detest the whole password debacle and the sooner we can have reliable and robust biometric certainty then the better for me.

At work recently they increased our passwords on our laptops to 15 characters, with no consecutive letters........
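
The history check described in post #5, as an added example that is not part of the original thread: each old password is kept only as a salted one-way digest, and a new candidate is re-hashed under every stored salt to look for a match. PBKDF2-HMAC-SHA256 is an assumed choice of one-way function; `PasswordHistory`, `keep_last`, `ITERATIONS` and the sample passwords are hypothetical and constructed for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch; tune for real hardware


def _digest(password: str, salt: bytes) -> bytes:
    # One-way: PBKDF2-HMAC-SHA256 cannot be run backwards to recover the text.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordHistory:
    """Hypothetical store: keeps (salt, digest) pairs, never the passwords."""

    def __init__(self, keep_last=None):
        self.keep_last = keep_last  # None = remember every password ever set
        self.entries = []           # (salt, digest) pairs, oldest first

    def was_used(self, candidate: str) -> bool:
        # Salts differ per entry, so the candidate is re-hashed under each one.
        hit = False
        for salt, stored in self.entries:
            if hmac.compare_digest(_digest(candidate, salt), stored):
                hit = True
        return hit

    def set_password(self, new_password: str) -> bool:
        if self.was_used(new_password):
            return False  # rejected: matches an earlier digest
        salt = os.urandom(16)  # fresh random salt for every stored entry
        self.entries.append((salt, _digest(new_password, salt)))
        if self.keep_last is not None:
            self.entries = self.entries[-self.keep_last:]
        return True


def demo():
    forever = PasswordHistory()            # "EVER previously" policy
    recent = PasswordHistory(keep_last=2)  # only the last two are blocked
    attempts = ["Giulia-1962", "Spider-1966", "Montreal-1970", "Giulia-1962"]  # constructed
    return [(forever.set_password(p), recent.set_password(p)) for p in attempts]


if __name__ == "__main__":
    print(demo())
```

The unbounded policy rejects the fourth attempt while the last-two policy accepts it, and in both cases the store holds only salts and digests.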
 
#6 ·
BT's wifi passwords drive me nuts. They are invariably a random sequence of upper and lower case letters, and numerals. They are impossible to remember and a PITA to enter on a phone. OK, they are printed on the router but if that's in an awkward place (which is invariably the case to get the best coverage while simultaneously being close to a mains socket and a phone socket) it's another PITA finding it. Maybe that's why they invented the WPS button but if the device you're trying to connect doesn't support WPS that's no help!
 
#7 ·
I'd agree on that one. I think you can change them to a self chosen password, but I've never quite got around to it. Probably would still have half-arsed rules about what it needs to be though.
 
#9 ·
Last term at one of my places of work, the ‘supply’ account got hacked, so they needed a new password. The new tech guy set it to: N3wPa55w0rd - ah well...

Fortunately with the new term it’s back to something more sensible.
 
#10 ·
There's one I have to use at work which stipulates that the password cannot contain any word that's in the dictionary. As it turns out, everything is in the dictionary. This means I have to use something that's nonsense that I have to write down.

There's another where you can't reuse and it changes fortnightly. I have to do a lot of resets for that one.
 
#12 ·
The firms paying my pension outsource the admin and keep changing the firm they use. Each time, you have to sign up for a new website, and navigate the horrors of a design produced by raving mutant zombies. All for the sake of looking once a year at your P60.

The latest one asked me to set up a password, minimum six characters, mix of upper, lower and numeric. I chose a 20 character password; the longer it is, the more secure. The site accepted it in the box; accepted it in the repeat box; and let me click Continue. Then, and only then, it told me you're allowed one instance of one character recurring, but not two instances. What the !!? I reduced the security of the password by chopping off the last eight characters and it was accepted.

Now red and steaming, I clicked to print the three-line P60 without noticing they'd made it twelve pages long, and had preset it to print landscape although they were portrait pages.
 
#14 ·
I've often wondered about that. I know there is key stroke software but then having it managed seems less secure.

What I find most alarming is the move to fingerprint or face recognition. One of my friends has happily moved onto this system believing it to be secure. At this point I'll say in the grand scheme of things I know nothing but in 30 minutes I had 2 different workarounds to get in to his stuff - just to show him. Defeating the FB 'security' was surprisingly easy but it was an effective route to even more access on other things.

My point is that now there are ever more requirements to provide ever more information which simply means that once something is hacked, the damage to the individual will be greater.

Anyway, I suppose the end result is that the oxymoron of online security is as unsustainable as unchecked consumerism and it is a question of when, not if, the whole system will fail.
 
#15 ·
The bit that concerns me is HSBC recorded my voice without permission, fingerprints and the like are not real scans so the data is just put into 1's and 0's but just guessing, I chose the password manager as it's supposedly encrypted and not stored on any servers, but I guess we'll see, phone authentication is starting to annoy me but I guess as long as you have your phone you're fine, it's a pain but a phone password is essential in case you lose it
 
#16 ·
I am wondering whether the requirements to make passwords more complicated actually increase the chances of that same password being used on multiple sites...

It is fairly straightforward to remember one complicated password (or write it down) but it is a pain in the backside to remember lots of complicated ones and where to use them.

So complicated passwords may be self defeating?
 
#17 ·
So complicated passwords may be self defeating?
A belated reply, but I witnessed exactly that at a financial corporation twenty years ago. An over-zealous security team insisted on massively complicated passwords for its LAN (local area network). We began to see a sprouting of yellow post-it notes stuck to people's screens, each bearing a pencilled password...
 
#19 ·
I was on a cyber security course in a previous job where the instructor was all in favour of having memorable sentences and using the initials as a password. His example was "Margaret Thatcher is 1 hundred per cent sexy" giving a password of MTi1hpcs.
I suggested I'd use "Police and sailors should wear zero rated denim"
I wasn't asked to contribute any further.
 
#20 ·
I bought some venetian blinds online from "the Range" yesterday. I paid with "Paypal" most retailers take that now but even so I was required to open an account which, of course, required a new password. I use Firefox browser and when I got to the point of creating the password Firefox offered to supply one for me. I don't recall it doing that before - it is a while since I opened any new accounts though. Firefox promised to save this new password for me and automatically enter it when needed. I figured because I've no plans to buy from them again and they don't have my bank details to lose this is basically a disposable account so I let it do the work for me.

Thinking about this now, I think in future I will let Firefox take on that headache as a regular thing. One less thing to worry about.
 
#21 ·
It's definitely tempting to let Firefox do it. Their individual passwords will be more secure than the names of our dogs / children / cars. However, if you do get hacked, it could affect every password. What I don't know is the risk of that. I've read that specialist password generators have higher security than Firefox's version too.
 
#22 ·
I have a password manager that will generate secure passwords for me, it's just that at the moment of needing it to, I usually can't be bothered to open it up and generate one. The Firefox thing is just so easy and seamless, it probably means any future one-off online purchases will be smoother to complete, with a better password than I would have bothered to create and it won't be the same one I usually modify and use for the purpose.
 
#23 ·
I am afraid if an online seller doesn't allow me to purchase as a guest they lose the trade. I cannot be bothered to create an account for somewhere I will not return to for a year or more. I have not yet been forced on to paypal which I avoid preferring to use a credit card.
 
#24 ·
That used to be my philosophy too but a bargain is a bargain and with two day delivery as well.

The Firefox password facility lets me create such "disposable" accounts much easier. I'm much happier using Paypal in preference to sharing my card details with any Tom, Dick or Harry. It's free, secure and I fund it with my credit card.
 
#25 ·
My wife came across a weird one yesterday. Setting up a new account with an insurance company, she did the usual combination of upper case, lower case, number, special character for her password.

She got the error message "there is something wrong here", so, thinking she had maybe mistyped something she tried again. When she got the same message on her third attempt she checked their password requirements: "the password must contain a number or a special character". Never seen that before!
 
#26 ·
Tesco insurance have a requirement for the password to be over 7 characters long and have numbers and letters. What the requirements do not say anywhere - but clearly turns out to be the case - is that there's either a maximum size too, or it only checks the first 7 characters to make sure the mix is as they required. So you can use a password which obeys all their stated rules and will still not be accepted.
 
#28 · (Edited)
I bet it's exactly the same issue as the Tesco one I mentioned in the last post before yours - it's only checking the first 8 characters, and there's no special character in that section.