So I'm trying to log into my healthcare insurance I am required to have. I have a few major problems with their system. First off, I understand truly how important it is to have a secure password. And while I know why they made it to where you need to have an uppercase, lowercase, number, and special character, I feel it is very unnecessary to keep asking me every 6 months to change it and to make sure it isn't the last ten I used. It is my life at stake, sure. But it's caused me unnecessary stress. I agree that people use passwords that are insanely pitiful because they are lazy and you have to force a majority out of bad habits like using 12345 or just the word password. I do understand all of that, but you also have to note it is a tad bit excessive to ask a person to make an uppercase, lowercase, special character, and a number 11 different times every half a year. If you have trouble remembering your passwords on websites you don't visit often, imagine having to do this. To add insult to injury, the only way for you to lift a lock out of your password from about 3 missed attempts, you have to call in to basically tell them you got locked out and need your password changed.
I would write mine down, and I have, but after a while you get confused on which one you have used. Could I make a very simple list, sure. But you can see why that is a problem. I need to write a list to remember my own passwords. And no, I don't make convoluted passwords. I try to just put a slight difference to my passwords I currently have. Though it can get real confusing, especially since I don't log onto this site until I need to make a new application or a new password. So that's 6 months to a year of passwords I more than likely won't remember doing.
I'm also quite cross at the fact I can make a fucking three word password that is
A. easy to remember on the spot
B. stronger than theirs at the base form
What do I mean by that? Well if you read xkcd at all, you'll probably know his comic on password strength. If you do not, here is a link: xkcd.com/936/
I'll even give you a bone here and look up 3 separate websites for password testing and post my results. I'll be making up 2 different passwords I have never used before that I'll make up on the spot. They will be very basic.
Their requirements: upper, lower, number, special character
Mine: 3 words, a number
I'll keep them relatively short since it's easier to "remember" one when you need to write it 11 different ways.
howsecureismypassword.net/
upper, lower, number, special character
Time: 275 days for average pc
Depending on your 3 words, adding or removing the first letter can strengthen or weaken it.
Time: 63 million years for average pc
password.kaspersky.com/?utm_me…
(this one has some added stats)
Time: 4 months for mac book pro (2012)
conficker botnet 9 minutes
Time: 4 centuries for mac book pro (2012)
conficker botnet 6 days
random-ize.com/how-long-to-hac…
Time: 6 years, 5 months
stephenkingtrue190131245 years, 9 months
I totally get that by technicality the 3 word one is a bit longer. But a commonality is short passwords of one or two words followed by that gibberish. That isn't the same for everyone of course, but if you look up most common or popular passwords you'll see a distinct pattern. People want a short, quick thing to remember with a number they like. If it's a special character, it adds some flair.
A counter argument could be "make your password on there 3 words with a special character, uppercase, lowercase, and a number." Well, you do that 11 different ways and see how well you remember it. I wouldn't be so cross about it if I could have a steady password. Making 11 different passwords is a bit harsh. I'm locked out of my account for being unable to remember one of 11 passwords I may have used over the past few years. You can see why this is a problem.
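The strength-checker comparison above can be reproduced offline. This is an added example, not part of the original post: it scores a password under the per-character brute-force model such sites appear to use, and scores the three-word style again under a model where guesses are whole words from a list. The sample passwords are constructed here, and the word-list size and guess rate are assumptions.

```python
import math
import string

def charset_bits(password):
    """Bits of search space if every character is guessed independently."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # 32 printable ASCII symbols
    return len(password) * math.log2(pool) if pool else 0.0

def passphrase_bits(n_words, wordlist_size, number_choices):
    """Bits of search space if guesses are whole words plus a number."""
    return n_words * math.log2(wordlist_size) + math.log2(number_choices)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

# Constructed samples, not the passwords tested in the post.
COMPLEX = "Blue7$ky"          # upper, lower, number, special character
PHRASE = "lampriverstone42"   # 3 words and a 2-digit number
WORDLIST_SIZE = 7776          # assumption: words drawn from a 7776-word list
RATE = 1e10                   # assumption: offline guesses per second

def compare():
    """Return the bit estimates for both passwords under both models."""
    return {
        "complex_charset": charset_bits(COMPLEX),
        "phrase_charset": charset_bits(PHRASE),
        "phrase_wordlist": passphrase_bits(3, WORDLIST_SIZE, 100),
    }

if __name__ == "__main__":
    for name, bits in compare().items():
        print(f"{name:16s} {bits:6.1f} bits  "
              f"{years_to_exhaust(bits, RATE):.3g} years at {RATE:.0e}/s")
```

Both figures are upper bounds that hold only when the characters or words are chosen at random; the per-character number for the passphrase is large mainly because of its length.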