With the rise of the internet, people have more and more passwords. Well, if you are a typical user, you have a whole list of them. It is usually considered bad practice to reuse the same password at multiple sites, and this matters more and more because the login id is usually the email address: if you know someone's password for one site, you know it for a lot of sites. Of course, the IT department gives you some “intuitive” rules to follow every time you change your password.
Your new password should …
- never reuse an old password
- not be a name or a word
- be longer than 8 characters
- contain letters and numbers
- contain at least one uppercase and one lowercase letter
- contain at least one symbol
- never be written down
- be almost impossible to remember
Well, perhaps not the last one. None of these is terribly difficult to follow, yet as the number of passwords starts to get large, changing your password every 30 days is more than just a pain: actually being creative each time gets harder and harder.
Going through this exercise is especially important for important systems, but perhaps such harsh rules are excessive for unimportant ones. While working with one of these rather unimportant systems I discovered a small workaround. This bug tracking system had all of the rules above, so you did need a strong password, but it did not implement the check for the first rule. Every 30 days you were required to reset your password to a new one, but you could reset it to the same value each time.
Thus the password is always the same: easy to remember, but perhaps not so secure. I suspect that Harvey forgot to test that prior to putting this system into production. Oddly enough, I never did mention this fact to him.