It is with fear and trepidation that I enter this week.  The reason?  Next week, I will be required to change my password on our LAN, an event that now occurs at least once per quarter.  Why should this cause anxiety?  Three reasons:

1. It will take me a week to figure out a good password that meets all the requirements.
2. I will need to change my password in the many other systems not connected with our LAN.
3. I am assured that with about 99.99% certainty that the rules about what makes up an acceptable password have changed since I last participated in this activity.  This will make #1 a mute endeavor.

So, here has been the evolution for the past few years.  At the beginning, I just used my favorite dead pets names as passwords.  These were simple to remember and typically did not expire for years at a time.  Past candidates were (this is 7 or 8 years worth of passwords):

smokey  (the dog)

mittens  (the cat)

snowball  (the cat)

matilda  (the fish)

jimmy  (the fish)

fish  (the fish)

etc.…  (the fish)

etc.…  (the fish)

etc.…  (the fish)

This worked pretty well while I was using dogs and cats, because there were a limited number (they took longer to die).  If I forgot my password (after a long weekend), I just started running through the very short list of dead pets and before you knew it, I was back in the system, being productive.  This broke down a little when I started using fish…there were just so many of them.  Reading the Popsicle stick crosses in the back yard pet cemetery so I could log into my computer was a very morbid exercise.

Soon, the security experts around the world determined that simply using dead pet names was not good enough, a twist was required.  The next time I had to change my expiring password, there was a new requirement…the password had to contain at least one capital letter.  This added a lot of new possibilities:

Smokey

sMokey

smOkey

smoKey

smokEy

smokeY

I won’t bore you with all the other possibilities, but the list was growing exponentially.  Next came the advent of a “special character” in addition to the already required capital letter.  This made the password look something like:

$moKey

Again, I will spare you all the possibilities that this added, but they were vast.  The next evolution was the requirement of at least one number in addition to the “special” character and the capital letter, thus rendering something like:

$moK3y

The above requirement in combination with the fact that the expiration period was shrinking meant that I was using up memorable possibilities at an alarming rate.  The next change was the requirement that passwords be a minimum of 8 characters long, but not more that 14 characters, contain at least one number, contain at least one “special” character, and at least one capital letter.  This required a complete conversion on my part.  I didn’t even have dead fish with names that contained 8 characters.  Now I had to combine the names of multiple dead pets.  This looked something like:

$moK3y.m1tt3ns

As quickly as I was coming up with new combinations of passwords, the security experts were coming up with new requirements.  I think you are starting to get the picture, the requirement for password complexity were quickly exceeding my capacity to generate them, let alone remember them.  Soon, the ability to just remember two passwords and change back and forth between them was taken away, with some systems requiring 15 unique passwords before they could be repeated!  This was combined with the fact that new passwords could not share more the 50% of the same characters as the old password AND you only had three tries to get it right or you were locked out of the system for 5 minutes.Eventually, I had to give up, it was just taking too long to become productive on Monday morning.  I now keep an Excel spreadsheet with my listing of passwords.  This Excel spreadsheet has a very simple password that even the most inane hacker can crack, but at least I can remember it.  Sadly, I keep the spreadsheet on my computer (yes, with one of those very complicated passwords protecting it).

Tags: No Comments