# Tough Passwords
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed




Some material is very old and may be incorrect today

© August 2006 Anthony Lawrence

2006/08/07

We've had this talk before. Unfortunately we are sure to have it again. And again.

The first email that greeted me this morning started out with "what the hell is that password?!?". The word in question was a remote access password that had recently been changed because of the unexpected departure of a high level employee. It wasn't that the person asking the question hadn't been told what the new password was; he had. I could be wrong, but I had the strong impression that he just didn't like the complexity of it.

It was their new IT person who had reset this, and he had done it right: 10 characters, mixed punctuation, numbers and upper and lower case letters. It was a great password.

Too bad it didn't work.

I figured out why pretty quickly: somehow the email that gave the new password had "P:" ahead of it. Let's pretend the password was 23$Ca%Pk98. The email said:

remote access P: 23$Ca%Pk98

Because of proportional fonts in HTML mail, that ended up looking like

remote access P:23$Ca%Pk98

Blame Microsoft for that: before they stuck their grubby fingers in email, that couldn't have happened. But I digress.

I can understand the frustration of the user. He also said "please write what the actual password is more clearly". That's something I almost always do. For example, I'd usually say:

remote access 23$Ca%Pk98
numeral-two numeral-three dollar-sign upper-see lower-ay percent-sign upper-pee lower-kay numeral-nine numeral-eight

But that's just me, and I'm more apt to do that when writing with a pencil than with a keyboard. It wouldn't have helped here, because I had the wrong password too.
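The spell-it-out habit described above can be automated. This is an added example, not code from the original article: it names letters with NATO spelling-alphabet words instead of the article's "see / ay / pee / kay" spellings, names punctuation by its Unicode character name, and all function names are hypothetical.

```python
import unicodedata

# NATO spelling-alphabet words, used here instead of the article's
# "see / ay / pee / kay" spellings (an assumption of this example).
NATO = ("alfa bravo charlie delta echo foxtrot golf hotel india juliett "
        "kilo lima mike november oscar papa quebec romeo sierra tango "
        "uniform victor whiskey xray yankee zulu").split()
DIGITS = "zero one two three four five six seven eight nine".split()


def name_char(ch):
    """Return an unambiguous spoken name for one password character."""
    if ch.isascii() and ch.isalpha():
        case = "upper" if ch.isupper() else "lower"
        return f"{case}-{NATO[ord(ch.lower()) - ord('a')]}"
    if ch.isascii() and ch.isdigit():
        return f"numeral-{DIGITS[int(ch)]}"
    # Punctuation and anything else: use the Unicode character name,
    # e.g. "$" -> "dollar-sign"; unnamed characters become "U+XXXX".
    name = unicodedata.name(ch, "")
    return name.lower().replace(" ", "-") if name else f"U+{ord(ch):04X}"


def spell_out(secret):
    """Spell a secret character by character, as in the article's example."""
    return " ".join(name_char(c) for c in secret)


def credential_note(label, secret):
    """Format a note: label, then the secret alone on its own line."""
    return "\n".join([
        f"{label}:",
        f"    {secret}",
        f"    spelled: {spell_out(secret)}",
        f"    length: {len(secret)} characters",
    ])


def matches_spelling(typed, spelled):
    """Recipient-side check: does what was read match the spelled form?"""
    return spell_out(typed) == spelled


if __name__ == "__main__":
    pw = "23$Ca%Pk98"                      # the article's pretend password
    print(credential_note("remote access", pw))
    print(matches_spelling("P:23$Ca%Pk98", spell_out(pw)))  # misread form
```

Keeping the secret on its own line and stating its length lets the recipient notice a label such as "P:" that has been read as part of the password.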

Anyway: I'm not certain this guy was complaining about the password. As it didn't work (at least as presented), he may have just been frustrated by that. After all, you leave work Friday night knowing you have some important stuff to do over the weekend and then you can't get in. Frustrating. Maybe that's all it was.

But at other times, in other places, I've had non-techy types complain about "hard passwords". They don't like hard-to-remember passwords, especially dislike hard-to-type passwords, and they whine and complain, and all too often I eventually get a polite email from top management asking me to make it "easier".

Sure. At lots of places, "abc123" is a favorite. The word "password" doesn't lag far behind. Those are wonderful passwords, very suitable for protecting systems. Oh wait, here's another great idea: take the company name and make that the password! No one would ever think to try "AcmeBrake", right? Ri-i-i-ght.

With some customers, I can't win: AcmeBrake it is, and that's that. Others reluctantly accept what I suggest or at least do something part way: "Acme2006Brake". That's a little better, I guess.

A little better.

See this for a good way to generate unique passwords that you can remember easily.



3 comments



Tue Aug 8 00:29:00 2006: 2376   Sledge


I worked with a guy that advocated writing passwords down. This way, he was able to enforce a 27-character, at least one number, one upper case, one lower case, one special and one extended ASCII character password (j/k but almost); people would be more accepting of the burden because they had the reference. I see the logic but something in me still says they should not be written down.



Tue Aug 8 01:14:26 2006: 2377   TonyLawrence

Well, written down where? On a card you carry in your wallet or on a Post-It on your monitor?





Thu Jun 24 13:20:22 2010: 8742   TonyLawrence



I recently came up with an even better way to do this:

(link)
