To be irrationally fucking annoyed at sites that stipulate ridiculously long passwords?

[Libaebul]

I know it's for security but I had to sign up for something yesterday that wanted
•10+ characters
•At least 1 number
•At least 1 capital letter
•At least 1 special character

I try to create a password that has all of these things that I will remember, I think I did #123Usualpassword123, Usualpassword being the one I use for most sites but then it goes 'your password has too many repeated characters, please enter a new password'

This is a piece of work software I'm going to have to sign into on a regular basis as for security reasons cannot leave it signed in permanently. Obviously I know security and all that but I'm never going to remember it!! I wish when you went to sign in for things that wanted stupidly long passwords it had a reminder of the password rules so you know what you've put!! If a hacker really wanted to know this information all they would have to do is go to sign up themselves......

YANBU I write them down in a notebook. I feel that anyone breaking into the house will be more interested in the laptop and jewellery than my scatty notebook containing my yoghurt password.

It makes no difference to a piece of hacking software whether it's PASSWORD, PA55WORD, Pa55w0RD or p455w0r!, as all characters are valued equally. But you won't be able to remember it.

If it were bananahelicoptersandwichcheeseplant, however, that would take considerably longer to crack, simply because of the number of characters involved. And you'd have a chance of remembering it. Or, as I had as my final one in a previous employment ihatethissoddingjob.

Yanbu for my old job I had to change it every month too and no repeats it took 10 minutes a month finding an acceptable password I still remember how frustrating it was when I tried to log on to do the morning paperwork and that message flashed up

When I worked at a school, I used to get the staff to check their passwords on this site and some of them were amazed at the difference adding special characters or making the password longer made.howsecureismypassword.net/

For example, purplelemoncat suggested above would take 51 years for a computer to crack - probably ok now, but with the development of computer power maybe not so in a few years time. Putting a space (or a special character if spaces aren't allowed) between each word raises that to 245 million years. I used to suggest using a semicolon as a special character, as it doesn't need the shift key.

(Incidentally the original article that suggested three word phrases did specify that It was the spaces or special characters that made it more secure, but that point seems to have been lost, without them they are vulnerable to dictionary attacks: lifehacker.com/why-multi-word-phrases-make-for-more-secure-passwords-t-5796816 )

I wish there was an international standard on password requirements. It also fucks me off that when you can’t get in, it doesn’t tell you what ridiculous rules they use; that would help me work it out.

I’d suggest using old postcodes or car registration numbers as a random but memorable alpha numeric combination.

A password manager or a simple password backed up with two factor authentication

No numbers from dob! That would leave me with only 2 numbers I could use!

My complex, changed monthly passwords which are different for each platform and software system are so infuriating that we all have them written out on postcards and stuck to our monitors or in a notebook called ‘Passwords’.

I’d suggest using old postcodes or car registration numbers as a random but memorable alpha numeric combination.

I can't even remember my current car registration number

I use a system which goes something like this. Coat19xxxx0? (with xxxx being the first 4 letters of the website or company it relates to) This way, you should have all bases covered and you can remember it because every password is very similar.

So my MN password would be Coat19mums0?

For example, purplelemoncat suggested above would take 51 years for a computer to crack - probably ok now, but with the development of computer power maybe not so in a few years time

A system should recognise that a password attack is taking place and lock an account after a certain number of failed attempts or impose 2 factor authentication if a site is sensitive. There could also be the ability only to login from certain devices or certain IP addresses.

We have to change our work passwords once every few months. It has to be so many characters, have a capital letter number and character and no be the same as any of our previous passwords. It drives me mad.

Totally agree! Considering how hard it is to win the lottery, i’m not sure why they make It so complicated.

Drives me round the bend too.

One work password stipulated two numbers and three capital letters, I had that, didn't like it. It was only when I had them together it worked.

I use a system which goes something like this. Coat19xxxx0? (with xxxx being the first 4 letters of the website or company it relates to)

I use a system similar to this. (With a variation for the password above)

Yanbu. Use Chrome or keypass.

Yup I have a spreadsheet as who can be remember them all ?

Mine a variant of one base with extra # and capitals

I worked for a place that required you to reset your password every Monday morning. And it couldn't be an old password. Nobody could ever remember them, so we all had post its on our screens with our passwords written on them. Really secure!
Monday mornings were a nightmare, we'd all be shouting "someone give me a password", and we'd all end up with stuff like Costastaplerrainy.

I think it's actually less secure when they ask you to make these stupid passwords because then you are more likely to write them down!

Sorry to say it but YABU.

From the security measures I'm assuming the application holds sensitive or personal information. They have to take security very seriously.

You can use a password manager or another good tactic is to remember a sentence instead and use the first character of each word and throw in some numbers/capitals.

Passwords with known words in or series of consecutive numbers are not secure passwords.

And please do not write the password down on paper or use the same password as you do elsewhere.

I dont mind for proper things like a bank, but it really irritates me that absolutely everthing needs really long passwords, even things where you just want some info.

It's ridiculous and pointless, especially when they don't tell you they have that criteria. So you spend however long typing in all your details and password only fit it to be rejected because it doesn't contact a special character, and having to start all over again.
I can see why multiple strong passwords are needed for things like online banking, but for things like boots card account or pets at home, who cares?

From the security measures I'm assuming the application holds sensitive or personal information. They have to take security very seriously

Some places that ask for these only have a name and address.

And please do not write the password down on paper or use the same password as you do elsewhere

That gets very complicated when you start to think of the number of sites out there that want a password.

I am autologged into MN - as it's just got my name. What's the worst that could happen if someone stole my computer and then logged in?

I don't know what MN password rules are.

@BeanBag7

Because if someone gets the password to your Boots account then, by the sound of a lot of PP here, they then know or can easily figure out the password to most of your other accounts. Reusing passwords or only making minor alterations is a big no no. If they figure out your email password they can probably reset half your passwords as well.

YANBU!! It took me ages to try and come up with a password for something the other day and Ive already forgotten it. Hoping next time I need to sign in google has remembered it for me.

A system should recognise that a password attack is taking place and lock an account after a certain number of failed attempts

That's not how hacking works: www.grahamcluley.com/password-account-lockout/