password expirations

I write the damn passwords down - that is the only one I can remember the 10,000 required for all the systems here at work.

but haven't they told you that you must never write a password down for security reasons? confidentially, what i do is write down a description of it, what it means, what format it is, say Aaa#aa, where A is uppercase, a is lower case, # is a digit, etc.

and then when i finally dream up a new password,

I know - it is posted every where - do not write down your password.

F* that. If I didn't write it down, then I would be calling the help desk several times a day to reset my password. Everyone writes it down. Mine are neatly organized in an easy accessible place.

I even had one bonehead in our IT area that asked me to leave my password written down on my desk so he could logon to while I was away from my desk.

And I looked through all the drawers etc . Waste of expensive time. Sh!t


:wink:

Yeah, that's what I was going to say. Forcing people to come up with a new password every three months, one that's not the same as any of the last 5 previous ones, with all the password rules you can shake a stick at, just ensures that they will have to write it down. I think I'd be ok with it if they let us cycle them back and forth every six months or so.

What I've done is have a base password that I then adjust according to requirements. Then I write that down, but it's still not the whole thing. Like, "base + %1b"

sozobe, that's a good plan, but might be hard to maintain if the password has to be 7 or 8 characters. i never could understand how limiting the maximum number of characters improves security.

Yep. I have one that expires like every 6 months. Can't reuse an old one till it's got 5 more expired passwords after it. Of course I write it down.

The point is that the base has four-six characters, itself. (It's not literally "base", it's some combination [nonsensical is better] that you can remember, and then adapt to use for whatever requirements there are.)

So if your base is, say, mildew (too literal, just an example), then to make it fit the requirements in the first post you'd make that password "mildewB%1" and write it as "base + B%1."

Great idea sozobe - some of my passwords though cannot have the same so many letters so a base unfortunately can't work.

I typically use the same password - just toss the letters/numbers around a bit. But then when I forget is it ABC123, 123ABC or A1B2C3 and by the time I try all the combos - I have used up all my chances and I need to have my password reset.

Writing it down isn't safest, but it is easiest.

Again, "mildew" was just an example -- the base can be a combo (letters & numbers), as long as you remember it.

Anyway, just trying to get what I'm saying across. It's worked well for me.

I know a lot of people who have done that same sort of thing and it seems to work. For some reason, not for me, though. I think it has something to do with the fact that I'm a slob and I have papers and notes everywhere. I often can find everything except what I'm looking for.

I have about 3 or 4 "words" that I rotate with different capitalization and punctuation. It's partially effective -- I still sometimes can't remember it, but usually if it's something I use a lot it's in my fingers by the 4th or 5th time.

I've got about six words I use for everything. My trick is to substitute zeros for 0hs, threes for E's and ones for I's.

I think sys guys should make your password contain rude and offensive language - that way you'd be much less likely to tell anyone what your password was.

And my last tip: patterns on the keyboard - zse45thn

Pass phrases are the way to go..

Live@7:30
Eat2Live?

#4Is>#2

MyBDay4/30
MomBDay6/30

Phrases become easy to change because you don't have to change the entire password. Just change a few letters or a word.

Another trick is keep all your passwords in a password protected file then you only have to remember that file password. (on your PDA perhaps)

Yeah, that's what I use. Some of my retired ones:

Igot2P!
Ir8h0nky


These can be updated/modified to:

iG0t2p
1g0tToP

1r8Honky
1r8H0nkY
ir8Honky

Some people I know use the date that they changed their password. I guess that works too.