Wednesday 29 July 2009

Space Age Security

We all know that using a password like "password" isn't very sensible if you want to stop people guessing your online banking password. Actually, the very fact that "password" is so commonly chosen shows that we don't all know it... but anyway, I was most surprised to find a web site that insisted that passwords:

  • Consist of at least 8 characters
  • Contain at least 1 uppercase character (A, B, C)
  • Contain at least 1 lowercase character (a, b, c)
  • Contain at least 1 numeral (1, 2, 3)
  • Contain at least 1 symbol (` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /)
  • Your password can't contain spaces or non-English characters

So, now we all know how to make a "super-strong" password like "Passw0rd." It satisfies every rule above, and it is still just "password" with one substitution and a full stop, exactly the kind of variation a cracking wordlist or rule set generates from "password" in a single step.
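To make the problem concrete, here is the rule set above written out as a checker, next to a length-plus-denylist policy that rejects the same password. This is an added example and not code from the site in question; the leet-substitution map, the tiny denylist and the 12-character alternative policy are my own assumptions.

```python
"""Password rules quoted in the post, as a checker, beside a policy that
actually catches "Passw0rd." Added example; the leet map, denylist and the
12-character alternative policy are assumptions, not the site's rules."""
import string

# The symbol list from the post, verbatim.
SYMBOLS = set("`~!@#$%^&*()_+-={}|[]\\:\";'<>?,./")


def site_policy_ok(pw: str) -> bool:
    """True iff pw satisfies every rule the post lists: length >= 8, one
    upper, one lower, one digit, one listed symbol, no spaces, ASCII only."""
    if len(pw) < 8 or " " in pw or not pw.isascii():
        return False
    return (any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in SYMBOLS for c in pw))


# Undo the substitutions people make to satisfy composition rules (assumed map).
LEET = str.maketrans("0134$@!|", "oleasail")

# Constructed, deliberately tiny denylist; a real one is the top N leaked passwords.
COMMON_BASES = {"password", "letmein", "qwerty", "welcome"}


def normalized_base(pw: str) -> str:
    """Lower-case, strip the digits/punctuation bolted on to the ends, then
    un-leet, so 'Passw0rd.' and 'P@ssw0rd!' both reduce to 'password'."""
    core = pw.lower().strip(string.punctuation + string.digits)
    return core.translate(LEET)


def hardened_ok(pw: str) -> bool:
    """Assumed alternative: a minimum length and a denylist check instead of
    composition rules. Spaces and non-ASCII characters are allowed, so a
    multi-word passphrase passes and a dressed-up dictionary word does not."""
    return len(pw) >= 12 and normalized_base(pw) not in COMMON_BASES


if __name__ == "__main__":
    for candidate in ("Passw0rd.", "P@ssw0rd!", "correct horse battery staple"):
        print(f"{candidate!r:32} site rules: {site_policy_ok(candidate)!s:5} "
              f"hardened: {hardened_ok(candidate)}")
```

Running it shows the inversion the post complains about: the site's rules accept "Passw0rd." and "P@ssw0rd!" but reject a four-word passphrase because it contains spaces, while the length-plus-denylist policy does the opposite.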

Another website insisted that, as well as a password, you fill in information that only you could possibly know (but that's another story...), namely the names of your first and last schools, as additional security questions.

Even with such easy questions, it took me less than 20 minutes to get myself locked out of the site. How did I manage to not know the name of my last school 20 minutes after typing it in?

The kind gentleman on the telephone in their "Reset my password" department obviously had visibility of my log-in attempts, and only when he politely informed me that "Please note that the security questions are space sensitive" did the penny finally drop.

The answer was simple. When you first enter your security answers, you type them into a normal text field where you can see what you are typing. However, when you log in and are asked to type them again to confirm your identity, they appear in a "password" box, and the characters you type are replaced by asterisks, so you cannot see whether the spaces went in.

As you know, super-strong passwords cannot contain spaces, and when I type the name of my school into a password box, my brain automatically skips the spaces between the words. It does this for at least 3 consecutive tries, plus a further 3 times after clicking on the "Lost my password" button.
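The site's mistake is comparing the masked answer byte-for-byte with what was enrolled. A user cannot check spacing, case or punctuation in a field full of asterisks, so the comparison should run on a canonical form. The following is an added example of how to do that; it is not the site's code, the school names are constructed, and the PBKDF2 parameters are my own choice.

```python
"""Enrolling and verifying a security answer so that the whitespace a user
cannot see in a masked field no longer matters. Added example, not the site's
code; the school names are constructed and the PBKDF2 parameters are assumed."""
import hashlib
import hmac
import os
import unicodedata


def naive_match(stored: str, typed: str) -> bool:
    """What the post's site appears to do: an exact string comparison, so
    'King's School' and 'kingsschool' never match."""
    return stored == typed


def canonical_answer(answer: str) -> str:
    """Collapse everything a user cannot check in a masked box: Unicode form,
    case, all whitespace and punctuation. 'St. Mary's' and 'stmarys' agree."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return "".join(ch for ch in text if ch.isalnum())


def enrol(answer: str, salt: bytes = b"") -> tuple:
    """Store only a salted, slow hash of the canonical form; an answer is a
    low-entropy secret and deserves the same treatment as a password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", canonical_answer(answer).encode("utf-8"), salt, 100_000)
    return salt, digest


def verify(answer: str, salt: bytes, digest: bytes) -> bool:
    """Canonicalise the typed answer the same way, then compare hashes in
    constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", canonical_answer(answer).encode("utf-8"), salt, 100_000)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    enrolled = "King's School"   # constructed: typed into a visible field
    typed = "kingsschool"        # constructed: typed into a masked field
    print("naive match:    ", naive_match(enrolled, typed))
    salt, digest = enrol(enrolled)
    print("canonical match:", verify(typed, salt, digest))
```

Canonicalising does throw away a little of what is already a weak secret, so it only makes sense together with the attempt limit the site already had; the lockout after a few tries was the right instinct, the comparison behind it was not.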
