I was reading through my RSS feeds this morning and laughed aloud when I read Catherine Helzerman’s blog post “#$*^! Passwords…." At IBM, this was my biggest frustration. I mean, I completely understand the need to change passwords – but the criteria you have to meet is absolutely ridiculous. It’s not good enough to have 7-8 letters or numbers; in some cases, it has to be upper and lower case, include a number (but not begin or end with one), not match any of your previous x passwords, and the list goes on. Catherine hit the nail on the head when she said that it’s sorta counteracts any security gain, because the passwords are so complex (and have to be changed so often) that the person who’s supposed to remember it usually doesn’t. And what’s that mean? That means they either 1) create some password.txt file, 2) put it on their pda or 3) write it down somewhere. I know I was guilty of #1. Catherine has even drawn a cartoon to illustrate the frustration…check it out!
[tags]helzerman, password, security, ibm[/tags]