Friday, July 31, 2009

How Good is Your Passward?

At work we have pretty rigid rules about passwards in our computer systems:

Our passwords must be 27 characters long and contain:
- at least 2 capitols (state capitols, not countries),
- two special olympics contestants middle names,
- 7 numbers (3 odd numbers and 4 even numbers, none of the numbers can be a multiple of 3)

In addition we have to change this password every 4 days and the system keeps a log of old passwords. So you cannot reuse any part of a old password until your 32nd password change.

OK, so I'm exaggerating just a little bit. But not by much. There is one system I have to log into at work that requires a password change every 6 months. Since I only log into this system about 3 times a year I pretty much am required to change my password every time I log in.

All in all the password as a method of security on computers is getting ridiculus. I even have to change passwords every six months on a machine that is locked in a vault and has no connection to any other computer.

And if I thought work was bad, you should try keeping up with passwords if you do any e-mailing or online commenting or shopping from home. The largest book in our house is the one we use to write down all our online shopping passwords.

Now I know many of you (OK, all two of you) will say "Hey dorkface!, just pick one password and use it for everything, and make it clever so no one will guess it."

Well the folks at Whats My Pass? have been doing a little password homework. They have compiled a list of the top 500 common passwords that people like to use.

That list is here! (But don't click on that link if you are easily offended by seeing profanity. Apparently a lot of people are willing to type things into their computers that they would never say out loud in public. But then again I've been to our local high school and listened to the way they talk.

There are some interesting passwords on this list that show how people try to be clever, but even human cleverness is predictable. For example, look at these passwords that I found interesting:

ncc1701 The ship number for the Starship Enterprise
thx1138 The name of George Lucas’s first movie, a 1971 remake of an earlier student project
qazwsx Follows a simple pattern when typed on a typical keyboard
666666 Six sixes
7777777 Seven sevens
ou812 The title of a 1988 Van Halen album
8675309 The number mentioned in the 1982 Tommy Tutone song. The song supposedly caused an epidemic of people dialing 867- 5309 and asking for “Jenny”

“…Approximately one out of every nine people uses at least one password on the list shown in Table 9.1! And one out of every 50 people uses one of the top 20 worst passwords..”

I am pleased to say that I have not used any of the passwords on that list at home or at work. Well except one. Back when I did computer and network support I used number 96 as a default password if I had to reset someone's email password or their account password. But in my defense, that was back in the day when keyboards only had 4 numbers and 13 letters on them. We have come a long way since then.


classicaliberal said...

My password, ******, is so genius that no one would ever guess that it's just 6 stars in a row! Genius I tell you!

Will Brown said...

But then again I've been to our local high school and listened to the way they talk.

I went to your local high school and remember how we talked! :)

Thanks to the internet, today's high schoolers are able to pick up regional slang and variations that I had to travel the world to acquire. Other than that not much seems to have changed; a somewhat fuzzy grasp of the entire meaning of a given word or phrase coupled to a shock-for-shock's-own-sake value system. As per historical example, most of us eventually grow out of the usage habit fairly shortly following the necessity to feed ourselves intrudes into our lifestyle.

At which time the requirement for a password we can remember that is also unique to us (and not blazingly obvious to others) becomes a perennial burden to yet another generation as well. :)