Dumb Password Rules

In the later years of my career at the Defense Supply Center Philadelphia, whose parent is the Defense Logistics Agency, the requirement came down (from where, I do not remember) that we had to change our passwords every few months. This was stupid, as it did nothing to make our systems more secure, but try telling that to the bozos in charge.

(For the record, there were lots of bright, forward-thinking people who worked there, but they just weren’t in charge.)

Anyway, this frequent changing of the password led lots of folks to simply keep their current password on a slip of paper under their keyboards. As I said, not very secure.

My little way of protesting was to keep my password, which, for the record, was: Way2Soon.

Since our system ran on Microsoft Windows, itself not a very secure system, which only enforced a 20 former password ban, what I did was change my password sequentially from Way2Soon to Way2Soon00 to Way2Soon01 to Way2Soon02, etc., until I got to 20, and then I changed it back to the original.

Eventually Microsoft caught on to this gambit and started enforcing a one-day password change, so I had to do this little trick one day at a time for 20 days. My little way of sticking it to Tom Spera. Or whomever.

But frequent password changing isn’t the only stupid password rule that sites create, and Bruce Schneier has pointed me to Troy Hunt’s site where he is collecting Dumb Password Rules. And there are a lot of them!

Wells Fargo
