Sep 4, 2007
Pick a random string of 10 letters, numbers, and symbols, making sure at least two of the letters are capitalized and the entire 10-character string doesn't spell any kind of recognizable word or phrase. Now memorize that 10-character password and use it to log into important websites and things like that.
That's the stupidest thing in the history of the universe. Yet more and more, I'm forced to do exactly that. I truly believe longer passwords are less secure than shorter, more memorable passwords. What do I do with all my stupidly long passwords? I write them down, thus committing the cardinal sin of passwording. I keep all those passwords in a password-protected document, so there's at least some amount of security. But honestly, it defeats the purpose of having a password in the first place. There's no way I can remember these passwords, and it would be stupid to use the same password for everything. I'm forced to write them down or click on that link that says "Forgot password?" every time I login to a website.
I'll take a wild guess and assume my method for storing passwords is actually more secure than the method used by most other people. I've seen passwords written on pieces of paper, stored in a desk drawer, or carried around in a wallet. This obviously isn't a viable solution, but it has solid rationale: What if you forget the password to the computer where your password-protected document of passwords is stored? You can't argue with that.
To you nameless, faceless people who invent password requirements: I can assure you, longer passwords are less secure. #technology
That's the stupidest thing in the history of the universe. Yet more and more, I'm forced to do exactly that. I truly believe longer passwords are less secure than shorter, more memorable passwords. What do I do with all my stupidly long passwords? I write them down, thus committing the cardinal sin of passwording. I keep all those passwords in a password-protected document, so there's at least some amount of security. But honestly, it defeats the purpose of having a password in the first place. There's no way I can remember these passwords, and it would be stupid to use the same password for everything. I'm forced to write them down or click on that link that says "Forgot password?" every time I login to a website.
I'll take a wild guess and assume my method for storing passwords is actually more secure than the method used by most other people. I've seen passwords written on pieces of paper, stored in a desk drawer, or carried around in a wallet. This obviously isn't a viable solution, but it has solid rationale: What if you forget the password to the computer where your password-protected document of passwords is stored? You can't argue with that.
To you nameless, faceless people who invent password requirements: I can assure you, longer passwords are less secure. #technology
but then i guess it saves all of your passwords on their site thus giving someone else the "piece of paper" and your main password (which is used to generate all of the other ones)...
Having recently been on a committee that was tasked with creating a password guideline where I work, I have a bit of an appreciation for these types of requirements. At the same time, I totally agree with what you are saying, and this point was actually one of our top discussion points when trying to come up with a usable guideline. Doing desktop support, I've lost count of the number of post-its with passwords stuck to monitors, or people who greet me with "Do you need my password? It's..." As I stuff my fingers in my ears and yell "La La La ... Not Listening!!" My favorites are the ones who proudly show me that their post-it note is under their mousepad - because no one else has ever thought of doing that.
Anyway, I've found the easiest way to remember a strong password is with a sentence. Something like "My Gmail password is too awesome for words!" That would be MGpi2a4w! I know that's only 9 characters, but you get the idea. You can make it more complicated/easier by doing things like having a rule for yourself where the 3rd and 5th characters in your passwords are always the capital ones. You can make a sentence that relates to the particular site/service that the password goes to, like in the example.
However, if it was something I typed in on a daily (or many times daily) basis, I would remember it. The problem is all these stupid websites and services that I use twice a year to complete some sort of ridiculous training requirements.
I'll also add that biometrics are not the answer. This technology while clearly cool is far from practical or reliable.