Re: 0936: "Password Strength"
by wormspeaker » Wed Aug 10, 2011 6:43 pm UTC

"Oh, my. I had the same experience with a mainframe account before. They only allowed you to have 8 characters for your password and you couldn’t use special characters. (i.e. no punctuation because all the available punctuation was reserved.) You had to have both upper and lower case and you couldn’t use more than 4 numbers, and no two numbers could be consecutive and you couldn’t use the same number more than once. The letters could not form any word in the dictionary and you also could not use consecutive or repeating letters. (But graciously they would allow you to use the same letter twice as long as they were not next to each other.) Oh, and you couldn’t use spaces. Oh, and the first character could not be a number, but DID have to be an upper case letter.

It just seems like all the restrictions that they placed on the password actually resulted in a smaller set from which to guess if the attacker knew the rules. So they ended up making the attacker’s job easier while making the user’s life harder. Of course since the passwords ended up being so random, everyone just wrote it down and hid it under the keyboard. /sigh

The real kicker was when I chose a password one time and it gave me that same error message. "That password is taken, please try again." I plotzed. I really did.

I think the mainframe team was just trolling. It’s not possible that someone (not a group of someones because you know there’s someone up the food chain who makes all those decisions) who presumably passed a graduate level college program could be so fuskin’ ignorant as to actually think this was a good idea.

The final straw was three weeks later when the system told me my password expired and I had to go through the whole process again."
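An added example, not part of the original post: a Python count of how much the composition rules described above shrink the 8-character keyspace for an attacker who knows them. Assumptions: length is exactly 8, the alphabet is A-Z, a-z and 0-9, "no two numbers consecutive" means no two adjacent digits, and "repeating letters" means no identical adjacent letters; the dictionary, consecutive-letter and letter-reuse rules are not modelled, so the count is an upper bound on the allowed set.

```python
import math
from functools import lru_cache

def count_allowed(n=8, letters=26, digits=10, max_digits=4):
    """Count length-n passwords passing the modelled rules (an upper bound)."""
    if n < 1:
        return 0

    @lru_cache(maxsize=None)
    def go(pos, prev, used, seen_lower):
        # prev is the kind of the previous character: 'U', 'L' or 'D'
        if pos == n:
            return 1 if seen_lower else 0  # upper case is guaranteed at pos 0
        # a letter may not directly repeat the previous character
        up = letters - (1 if prev == 'U' else 0)
        lo = letters - (1 if prev == 'L' else 0)
        total = up * go(pos + 1, 'U', used, seen_lower)
        total += lo * go(pos + 1, 'L', used, True)
        # digits: never adjacent, never reused, at most max_digits in total
        if prev != 'D' and used < max_digits:
            total += (digits - used) * go(pos + 1, 'D', used + 1, seen_lower)
        return total

    # rule: the first character must be an upper-case letter
    return letters * go(1, 'U', 0, False)

def unrestricted(n=8, letters=26, digits=10):
    """Every length-n string over the same alphabet, with no rules applied."""
    return (2 * letters + digits) ** n

def bits_lost(n=8):
    """Entropy (in bits) the rules remove for an attacker who knows them."""
    return math.log2(unrestricted(n)) - math.log2(count_allowed(n))

if __name__ == "__main__":
    print(f"unrestricted: {unrestricted():,}")
    print(f"allowed:      {count_allowed():,}")
    print(f"bits lost:    {bits_lost():.2f}")
```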


