Password Policies

I just had to change my VCU password, because it was set to expire in 14 days. The VCU password policy:

Your password must have the following properties:
  • Minimum number of characters in password: 7
  • Maximum number of characters in password: 12
You may use numbers in your password.
  • First character of password cannot be numeric.
  • Last character of password cannot be numeric.
  • Minimum number of numeric characters in password: 1
The password is case-sensitive.
  • Minimum number of uppercase characters in password: 1
  • Minimum number of lowercase characters in password: 1
You must use a unique password.

There's one more rule that isn't mentioned on there - you can't use any special characters.

Of course, that means that only one of my usual passwords or algorithms for creating passwords is valid under these rules, and I've used that one recently here, so it comes up as "not unique."  (Thanks for explaining what unique means, too, dipshit.)

Now, if I can't use any of my normal methods of creating passwords (all of which are pretty secure, by the way), that means that I have to come up with something new, which is one more thing I have to remember (and makes it more likely that I'll have to write it down somewhere, which is NOT secure).  That many inane rules result in two things - 1)  People need to find a way to keep track of their passwords, because their usual [more secure] ones won't fit, and that could cause a problem, and 2)  It just gives a lot of parameters that narrow down the search for anyone that wants to crack the password.

Also, maximum of 12?  WHY?  If I want to make a 30-character password, why the hell can't I?  And they don't check the passwords for SECURITY - I could use ABC123abc as my password.  I know, because I just set it to this.  (I went back and changed it again, don't worry - I was just frustrated.  That's ridiculous.)

This makes me ANGRY!
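
To put numbers on how much the rules listed above narrow the search space, here is an added example (not part of the original post) that checks a password against those rules and counts the passwords they allow by inclusion-exclusion. The comparison alphabets of 62 and 95 characters and the 30-character ceiling are assumptions chosen for illustration.

```python
import string
from itertools import combinations
from math import log2

LETTERS = set(string.ascii_letters)
DIGITS = set(string.digits)

def is_valid(pw, min_len=7, max_len=12):
    """Check a candidate against the rules listed in the post."""
    if not min_len <= len(pw) <= max_len:
        return False
    if not set(pw) <= LETTERS | DIGITS:       # no special characters
        return False
    if pw[0] in DIGITS or pw[-1] in DIGITS:   # first/last cannot be numeric
        return False
    return (any(c in DIGITS for c in pw)      # at least one of each class
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw))

def count_for_length(n, upper=26, lower=26, digits=10):
    """Valid passwords of length n: inclusion-exclusion over the three
    'at least one' rules, with first and last positions limited to letters."""
    sizes = {"upper": upper, "lower": lower, "digit": digits}
    total = 0
    for k in range(4):
        for missing in combinations(sizes, k):
            letters = sum(v for c, v in sizes.items()
                          if c != "digit" and c not in missing)
            allchars = letters + (0 if "digit" in missing else digits)
            total += (-1) ** k * letters ** 2 * allchars ** (n - 2)
    return total

def policy_keyspace(min_len=7, max_len=12):
    return sum(count_for_length(n) for n in range(min_len, max_len + 1))

def unrestricted(alphabet, min_len, max_len):
    """Keyspace with no composition rules (comparison baseline, assumed)."""
    return sum(alphabet ** n for n in range(min_len, max_len + 1))

if __name__ == "__main__":
    rows = [("policy as stated", policy_keyspace()),
            ("any letters/digits, 7-12", unrestricted(62, 7, 12)),
            ("printable ASCII, 7-12", unrestricted(95, 7, 12)),
            ("printable ASCII, 7-30", unrestricted(95, 7, 30))]
    for label, size in rows:
        print(f"{label:26s} {log2(size):6.1f} bits")
    print("ABC123abc accepted:", is_valid("ABC123abc"))
```

Running it prints the size of each keyspace in bits, so the cost of the character-class rules, the ban on special characters and the 12-character maximum can be compared side by side.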
