Tuesday, August 21, 2007

Password 'Security'

I am continually finding myself more and more annoyed by admins, websites, etc. that force you to make a 'secure' password. Now don't get me wrong, I am security conscious, and I applaud efforts to prevent easily guessed passwords, but password requirements such as "must contain 1 uppercase and 1 lowercase letter and 1 number" are the most frustrating.

Why? Well, because it forces you to have 37 different passwords, guaranteeing you will forget them or write them down, thus defeating the 'security'. Furthermore, by making rigid requirements, they also limit what a brute force attack would have to go through to find the password: an attacker can skip every candidate that does not satisfy the rule. Strongly recommending such requirements would be better than forcing the user to write the password down on a sticky note.
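To put a number on the search-space argument above, here is an added example (not from the original post) that counts, by inclusion-exclusion, how many passwords of a given length satisfy a "must contain at least one lowercase, one uppercase and one digit" rule compared with the unconstrained keyspace. The class names and sizes are assumptions chosen to match the rule quoted in the post.

```python
from itertools import combinations

# Character classes and alphabet sizes (constructed for this example).
CLASSES = {"lower": 26, "upper": 26, "digit": 10}


def keyspace(length, classes=CLASSES, required=()):
    """Number of passwords of exactly `length` characters drawn from the
    union of `classes` that contain at least one character from every class
    named in `required`.

    Inclusion-exclusion: start from all strings, subtract those that avoid
    one required class, add back those that avoid two, and so on.
    """
    total = sum(classes.values())
    required = list(required)
    count = 0
    for k in range(len(required) + 1):
        for excluded in combinations(required, k):
            # Strings that never use any class in `excluded`.
            alphabet = total - sum(classes[c] for c in excluded)
            count += (-1) ** k * alphabet ** length
    return count


def policy_fraction(length, required, classes=CLASSES):
    """Fraction of the unconstrained keyspace that a composition rule keeps."""
    return keyspace(length, classes, required) / keyspace(length, classes)


if __name__ == "__main__":
    rule = ("lower", "upper", "digit")
    for n in (6, 8, 10, 12):
        print(f"length {n}: {keyspace(n):.3e} unconstrained, "
              f"{keyspace(n, required=rule):.3e} satisfying the rule "
              f"({policy_fraction(n, rule):.1%} of the keyspace remains)")
```

For 8 characters the rule leaves roughly 73% of the 62-character keyspace, and the surviving fraction approaches 100% as length grows, so the reduction matters most for short passwords.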

I like GNU's password 'requirements' of "this isn't a secure password, are you sure?"
