For everyone who exalts himself will be humbled, and he who humbles himself will be exalted.
The IT team at CRL has just instituted a new set of password requirements which, according their email, will “improve and change the security that we all use to log into our networks.” I’m all for improved security. But their email continues:
We understand that this will be more complex than your current password; however it is necessary to maintain a high level of security and integrity. As of Thursday, September 11, we will be using complex network passwords. The rules for complex passwords are as follows (you will be reminded when your current password expires):
- Must be at least 7 characters
- Cannot re-use the previous 5 passwords
- Does not contain your login or full name
- Contains at least 3 of the following 4 character groups;
- English upper case characters (A through Z)
- English lowercase characters (a through z)
- Numerals (0 through 9)
- Non-alphabetic characters (such as: !, $, #, %)
The problem is that we already have so many work-related passwords that adding to the complexity of our overall password will hardly improve security. I already have to write down — I know! It totally defeats the purpose! — the eight or so passwords I use here at work. If I changed my password to Fl!bb3rtyGibb3t, what are the odds I will successfully memorize that (and then remember the new one 90 days later)? I will simply have to refer to my cheat-sheet of passwords all the more often. True, somebody may have a harder time guessing my password, but at the same time, all the hypothetical hacker would have to do is find my cheat-sheet, and he’d be golden.
On the bright side, our new scanner uses a biometric thumbprint reader to log you on. At least I don’t have to worry about forgetting my thumb.