Home » Other »Post-It Note Passwords

Making Passwords Too Complex

Having the word "dog" as your password is pretty foolish. Either a dictionary attack or a brute-force attack will reveal it in seconds. Using "d0G&cAT" is better because it is longer and uses UPPER, lower, symbols and numerics.

Nothing that's particularly new to anyone so far, but sometimes people get carried away with this sort of thing. I recently had to change a password on a UNIX system with the following constraints:

Setting that kind of password policy is going to result in passwords like "£Eur023"- which is fine, except that it isn't particularly memorable (and it can be difficult to make a £ symbol on a non-UK keyboard). This kind of password is begging to be written down on a post-it note and left stuck to a monitor or left underneath a keyboard. Nobody wants to spend 10 minutes thinking up a password which looks vaguely like a word they will remember but won't be detected as such by the system. They're not going to do it because they have work to be getting on with. If you must enforce all four character sets (upper,lower,numeric and symbol) - please at least make it possible to have passwords longer than a measly seven characters.

If you can't do that, then you probably shouldn't look too closely at people's monitors or under their keyboards. You might not like what you find there.

Edit/Update: To include a link to the XKCD comic about password strength.