The Engineer

Join Date: Feb 2005
Location: Albany, New York
Posts: 5060
Good Answers: 129

Why are Website Password Rules so Complicated?

03/04/2008 2:04 PM

So I'm trying to log in to SallieMae and once again I've forgotten my password. I don't use the site very often but that's not why I keep forgetting. The problem is the website has very specific rules for password selection that rule out many of my "usual" passwords. To make matters worse, if you forget your password, you can't use any of your FIVE previous passwords as your password. Why do they make all these rules? Does it really make it more secure?

SallieMae's Password Rules:

1. Password must be at least 8 characters long
2. Password must contain at least one number
3. Password is cap sensitive
4. Can't use any of previous 5 passwords (This is what really messes me up)

This leads to roughly 62^8 possible passwords at least ~218 Trillion Combinations.

Is that really much better than these rules:

1. Password must be at least 6 characters long.
2. Password is not case sensitive
3. Numbers are possible but not mandatory

This leads to roughly 36^6 possible password ~ 2 Billion Combinations if the minimum requirements are used.

I'm sure there is a reason why they make these rules, can somebody please fill me in?

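The rules listed in the question, as an added example (not SallieMae's code and not from any poster in this thread): a Python sketch that measures the two search spaces in bits and enforces the length, digit and last-five-history rules against salted PBKDF2 records. The function names, the iteration count and the sample history are assumptions made for illustration.

```python
import hashlib, hmac, math, os

def keyspace_bits(alphabet_size, length):
    """log2 of the number of strings of exactly `length` over the alphabet."""
    return length * math.log2(alphabet_size)

def count_with_digit(length, letters=52, digits=10):
    """Strings of `length` over letters+digits that contain at least one digit."""
    return (letters + digits) ** length - letters ** length

def hash_password(password, salt=None):
    """Salted PBKDF2 record (salt, digest); the plaintext is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def matches(password, record):
    """Re-derive with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def check_new_password(password, history, min_len=8, keep=5):
    """Return the list of rule violations; an empty list means accepted.
    `history` holds (salt, digest) records, oldest first."""
    problems = []
    if len(password) < min_len:
        problems.append("too short")
    if not any(c.isdigit() for c in password):
        problems.append("needs a digit")
    if any(matches(password, rec) for rec in history[-keep:]):
        problems.append("reuses one of the last %d passwords" % keep)
    return problems

# Constructed sample history, oldest first (not real credentials).
HISTORY = [hash_password(p) for p in
           ["Winter07pass", "Spring07pass", "Summer07pass",
            "Autumn07pass", "Winter08pass", "Spring08pass"]]

if __name__ == "__main__":
    print("62^8 upper bound : %.1f bits" % keyspace_bits(62, 8))
    print("8 chars, >=1 digit: %.1f bits" % math.log2(count_with_digit(8)))
    print("36^6 minimum      : %.1f bits" % keyspace_bits(36, 6))
    for candidate in ["short1", "NoDigitsHere", "Spring07pass", "Winter07pass"]:
        print(candidate, check_new_password(candidate, HISTORY) or "accepted")
```

Because the history is kept as salted hashes, the check can only detect exact reuse, and only within the five most recent records.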
Associate

Join Date: Dec 2005
Posts: 26
#1

Re: Why are website password rules so complicated?

03/04/2008 2:17 PM

Sallie Mae is a cumbersome government entity.

Although they are trying to improve the security of the individual.

Personally I would like a more complex password.

Sorry, I'm kinda a masochist.

__________________
http://waterandwastewaterengineering.blogspot.com/
Guru

Join Date: May 2006
Location: Reading, Berkshire, UK. Going under cover.
Posts: 9684
Good Answers: 468
#3
In reply to #1

Re: Why are website password rules so complicated?

03/04/2008 5:52 PM

"Personally I would like a more complex password"

Ok, but rules like "must be at least six characters ..." don't stop you using a 15-character one.

__________________
"Love justice, you who rule the world" - Dante Alighieri
Guru

Join Date: Aug 2007
Posts: 1790
Good Answers: 87
#2

Re: Why are Website Password Rules so Complicated?

03/04/2008 4:16 PM

We have to use strong passwords at work, and they change all the time. A "strong" password insists on both upper and lower case, a number, and a special character.

So a friend of mine came up with a system and I use it all the time...

The password follows this form:

Number of the month, a memorable word (capitalized), number of the year, special character.

So for March 2008 it would look like: 3Word08#

As the password is changed, the "Word" does not change, but the month and year numbers increment.

This works fine for most passwords, and if I know the month and year I don't forget my password. The only problem is that some systems require a special character, and some don't.

Guru

Join Date: Nov 2007
Location: Christchurch, (The Garden City), South Island, New Zealand
Posts: 4395
Good Answers: 230
#4

Re: Why are Website Password Rules so Complicated?

03/04/2008 6:42 PM

Hello Roger Pink

You could, of course use a complex but at the same time easy to remember password.

A simple phrase, interspersed with numerals, or that special character if needed.

Example: Up2 The3 Garden6 Path4 = Up2The3Garden6Path4 - which uses the numeral corresponding to the number of letters in the word.

In this way, you can use a catch-phrase, or something easy to remember, yet quite difficult to break.

Of course, to make things more difficult: U2pTh3eGar6denPa4th could be chosen, where the numeral is placed into the word centre, or some other easy for you to remember place.

Then to make things more difficult, but easy to remember, you could use: U2pTh3ePa4thGar6den where the words with inserted relevant embedded numerals are placed into the increasing number of letters order.

Strong passwords are quite easy to generate, and they are able to be easily remembered.

Never use some phrase or date combination, which is easily identifiable, such as birth date, marriage date or the like.

The strongest password is a single use one, as used in WW2, for field agents, normally an edition of a book, mutually held at both ends, and words or letters chosen according to a pre-arranged code, but those sort are no use for Site access, and if the book is lost or stolen, you are in trouble.

An interesting article is here:

The Strong Password Dilemma

For Perfect Passwords Click on GRC's Ultra High Security Password Generator.

Of course, how would you ever remember such a high security password, but they are excellent and safe - all you need to do is place the password somewhere it cannot be discovered by others.

Kind Regards....

__________________
"The number of inventions increases faster than the need for them at the time" - SparkY
The Engineer

Join Date: Feb 2005
Location: Albany, New York
Posts: 5060
Good Answers: 129
#6
In reply to #4

Re: Why are Website Password Rules so Complicated?

03/04/2008 7:34 PM

I appreciate the suggestion, but the problem is I have like 20 different passwords. It's hard to remember which goes where. The real killer is the "None of your last 5 passwords" rule if you forget a password because now I have to invent a completely new password that I'll forget because I don't return to the site for two months.

Great comic though, it's nice to know I'm not alone.

Guru

Join Date: Sep 2006
Location: El Lago, Texas, USA
Posts: 2639
Good Answers: 65
#5

Re: Why are Website Password Rules so Complicated?

03/04/2008 7:19 PM

I've worked a simple-ish method for generating complex passwords.

I do them by columns, for example saWQ21??, where ?? are my "special" characters from the top row of the keyboard, which I shan't divulge. This kind of password is easy to remember and type, since it only takes two fingers and the caps key alternates every two letters. Then next month when I have to reset my password, I just move over one column and use dsEW32??, and so on through the years. Then, every six months or so when I need to update my "at home" passwords, I just use my penultimate work password.


And I write them down.

Active Contributor

Join Date: May 2007
Posts: 20
Good Answers: 1
#7

Re: Why are Website Password Rules so Complicated?

03/05/2008 4:14 AM

I like "RoboForm". It remembers all your passwords for you. You password RoboForm with one secure password and that takes care of all your password problems.

The Engineer

Join Date: Feb 2005
Location: Albany, New York
Posts: 5060
Good Answers: 129
#8
In reply to #7

Re: Why are Website Password Rules so Complicated?

03/05/2008 7:52 AM

Sounds good, but when we have to use such a tool, isn't that defeating the purpose of all these password security rules?

Active Contributor

Join Date: Nov 2016
Location: San Francisco
Posts: 19
#14
In reply to #7

Re: Why are Website Password Rules so Complicated?

12/11/2016 11:01 PM

You can use a password manager for Windows system, dude

__________________
To be or not to be,this is a question
Guru

Join Date: Nov 2006
Location: KnoxTN
Posts: 1485
Good Answers: 6
#9

Re: Why are Website Password Rules so Complicated?

03/05/2008 9:53 AM

Roger Pink, most web sites want to know who is accessing the URL. Beyond that there is little if any real NEED for passwords except for secure areas for purchases or access to personal / private / sensitive information.

When you have to jump through hoops to get a catalog or a data sheet of a new / exotic product it is to provide them with follow-up sales contact information.

__________________
Do Nothing Simply When a Way Can be Found to Make it Complex and Wonderful
Power-User

Join Date: Jun 2006
Location: Birmingham, Alabama, USA
Posts: 313
Good Answers: 7
#10

Re: Why are Website Password Rules so Complicated?

03/05/2008 10:25 AM

I'm with you, Roger. Passwords are near the top of my list of pet peeves. I have yet to find a way to have just one or two passwords that will work in every case. For passwords that must change every 45 days I combine a backwards name and the year/month (for example, lliB0803). For static passwords I have a list of passwords too long to remember to conform to the various site requirements (e.g., four characters, six characters, eight characters, etc.) I have a Word document two pages long where I have recorded all my passwords.

Bill Morrow

__________________
Bill Morrow
Power-User

Join Date: Aug 2007
Location: Toronto
Posts: 239
Good Answers: 9
#11

Re: Why are Website Password Rules so Complicated?

03/05/2008 1:18 PM

I'm with you all. I've got so many requirements for passwords that I finally settled on a rather simple methodology. I have several "root" words that I use, then capitalize one of the letters - usually the first one, then add the number "1". When it needs to be changed, I simply increment that last digit. This gives me 10 distinct passwords, so it gets around the "5 password" restriction. A mod on this theme would be to use the sitename as the prefix. So, if my "root" was "Albatross", my password would be "SallieMaeAlbatross1".

Either that, or use the same password everywhere.

Power-User

Join Date: Apr 2007
Location: n. Switzerland
Posts: 133
Good Answers: 6
#13
In reply to #11

Re: Why are Website Password Rules so Complicated?

03/06/2008 2:17 AM

Graebeard & Bill Morrow - yeah I do stuff like this too.

'easy' words, names, combined with some numbers (with SOME tenuous connection to something I can halfway remember), then capitalise a letter or subtract or add '1' and reverse it, etc.

PITA but necessary in our modern data-driven world..

cheers

RF_G

__________________
Regards, RF_guy
Guru

Join Date: Nov 2007
Location: Gone to Alabama with my banjo on my knee...
Posts: 5595
Good Answers: 20
#12

Re: Why are Website Password Rules so Complicated?

03/05/2008 3:58 PM

"I'm sure there is a reason why they make these rules, can somebody please fill me in?"

Yes. It's for your own good. They are the GOVERNMENT, and they are here to HELP you. Apparently you need to either increase the dosage or the administration frequency, as your medication isn't working properly. Please DO try to go back to sleep now...

__________________
Veni, vidi, video - I came, I saw, I got it on film.

Users who posted comments:

Alicee (1); Bayes (2); bhankiii (1); bmorrow492 (1); dmrsch (1); EnviroMan (1); Graebeard (1); JohnDG (1); pismire (1); RF_guy (1); Sparkstation (1); Steve S. (1); Stirling Stan (1)
