rant about password reminders

December 10th, 2003 at 12:45 am

From our company guidelines, and hopefully from elsewhere, we all know what a *good* password is: a mixture of cAseS, numbers, some of it random… two words divided by numbers, like4512this, etc., etc.…

So why THE HELL are those stupid password reminders used on big sites?? Let’s see, the password is: xMore45supeRFly, but “What is your pet’s name?”… come on… how many pet names are there? 1000? 20000? It’s trivial to guess. Not to mention friends and people who are familiar with you, who can sometimes answer these questions.

It considerably weakens the system. Never, never answer those questions if you want at least some level of security… or if you’re forced to answer (there are sites dumb enough to require this), just drop the longest possible string you can think of…

What is your mother’s maiden name?

ggrph2324fg11aaQMDKAUiii6666

Hmm…
