So you know what pisses me off these days (well, one of the many many things that piss me off these days…)? Sites that put stupid limitations on password creation! God I hate that!!! Don’t these idiots realize that all they're doing is basically making their site less secure that way? Here’s an example to further explain why this is so freakin’ stupid:
We’ll use you, the average computer user, as an example. Now, to begin with, you already have a very secure and easy to remember (at least for you) password that you would basically like to use everywhere. Why? Because you know it and you’re not dumb enough to give it to others. Let’s assume this great password just so happens to be “fucky0u!”. Now the great thing about this password is that it uses eight characters (a minimum requirement on many sites), alphanumeric characters consisting of both alphabetical characters and one number – the “o” is a zero – and, as an added security bonus, you’ve thrown in a “special character” at the end with your “!”. Good password. So, this becomes the password you want to use everywhere. Then you sign on to some site (Time Warner Cablevision, for example) that makes your password unusable…
You see, Time Warner Cablevision has a rule that no “special characters” can be used in one’s password. You need to ditch the “!” in your password; unfortunately this brings your password down to seven characters and breaks the eight character rule that Time Warner also enforces. Okay, so you add another “u” to the end (or something similar) which now gives you two passwords to remember – “fucky0u!” for all sites except Time Warner Cablevision and “fucky0uu” for the latter. No big deal, but are you actually going to remember this every time you log into this special case site? I doubt it… But, and I’m sure you’re thinking, “So what? It’s only two passwords. Big deal…” Then you log in to a new site that creates a new restriction – they require at least one capital letter…
Okay, fine … now you’ve got three passwords – “fucky0u!”, “fucky0uu” and “Fucky0u!”. It’s becoming harder and harder to remember which version is used for which site; and, since the password restrictions are only told to you whilst you are creating your passwords, there is no reminder as to what version you need to use as you log in. It only gets worse as you create more and more versions based on other site restrictions – for example, some don’t allow any numbers. When taken with the other possible restrictions, this turns our initial, quite secure password into six versions – the three mentioned before as well as “fuckyou!”, “fuckyouu” and “Fuckyou!”.
Add to that the security feature of some sites that allow no more than three log-in attempts with the same username (oh yeah, and usernames are just as bad…) before your account gets locked – sometimes requiring a conversation with somebody speaking in a rather strong Indian accent wherein you are asked to give some very personal information (completely unrelated to the site you are trying to get back into) in order to get your account re-opened. This, of course, leads to a new password (randomly generated) being sent to you that you need to change back to whatever version of your standard password is acceptable to said site when you finally get in. And don’t even get me started on the sites that keep track of past passwords and have restrictions on their re-use…
So, what we’re now forced to do is somehow make note of which site requires exactly which version of our password. Yeah, your browser does a decent job at storing these various passwords automatically for you if you so choose; however it doesn’t work on all sites. It’s also a rather blatant security risk if you are using a laptop computer that you could possibly lose. Not to mention that you aren’t always surfing on the same machine and, from time to time, you need to update your system in a way that obliterates these stored nuggets. So what does the average user do – writes these passwords down somewhere.
Now what we have is a situation where your passwords are automatically entered by your personal browser as well as written down in a wonderful list form that could easily be misplaced or stolen. How, might I ask, is this increasing security…?
See you later,
Coriolis