And no password policy is going to fix that. In fact, it might make the problem worse.
Today I'm forced to create passwords that are terrible. Terrible in that I can't remember them. But they are "good" by someone's standards:
- At least 12 characters long
- Containing upper and lower case characters as well as special symbols
- No dictionary words
- No more than 2 of each type of character in a row
- Has to be changed every 60 days
- Can't be re-used for 6 years
- Can't be remembered for more than 6 minutes
Sometimes I forget the password after a month. Yes, after typing it in every day for a month, I can no longer do it. My fingers just want to mash random keys instead. I've had this problem as far back as I can remember. How far back is that? I forget. But for reasons I can't explain, I would forget my locker combination several times per year in high school. The combination never even changed. I had the same one all year. I just lost the ability to remember it every once in a while.
Today I can tell you the license plate number from my first car, but I can't reliably remember my passwords. I only had the license plate for 4 months, and it was 19 years ago. There is something wrong with my brain.
I really want to switch to randomly-generated multi-word passphrases (read this PDF), but unfortunately I don't set the security policy.
Amphibian.com comic for September 29, 2014