Not only does this shit expire 47,125 times per year, but now it must:

Be a MAXIMUM of 32 characters long
Be a MINIMUM of 8 characters long
Contain at least 1 uppercase letter
Contain at least 1 lowercase letter
Contain at least 1 number
Not contain dictionary words
Not contain spaces
Not be one of the last 4 passwords used
Not be one of the passwords that were used in the past 8 days.
May contain any of the following special characters:
~, !, @, #, $, ^, *, (, ), _, +, =, -,?,,,.

Are you goddamn kidding me? No words in the dictionary? I only have to remember 1.2 x 10^3 passwords for at work and outside work, so what's one more jacked up one?

I'm about to put my fist through this computer screen. Maybe it could take a DNA sample after that and log me in that way?

Could not agree more!!!! This has been driving me nuts lately, along with everything going to 2-factor authentication and requiring a text or phone call to log in. I freaking hate it!

I pretty much have to go through the "forgot my password" process every time I log into anything anymore because they keep making me change it so often and the requirements are so complex I can't remember any of the new ones.

They make them so complicated you have to write them down.

One system I use now requires a one time pass code sent to your email before you can log in. That code may come in 3 seconds or 10 minutes.

System X requires a new password every 60 days. Then there is another system Y where I can get the same information as system X but in a different format but never have to change the password in 15 years.

Check out Bitwarden. Ask if it’s allowed in-house.

Also, look into yubikey. And SSH.

Passwordless login makes more and more sense every day.

And how. Had the same password on your site for 24 years, suddenly it's a security issue?

Use a VPN for security. Only, all the sites I need the security on freak out when I try to log in through the VPN.

And it's been said many times before by many people, but when I was a kid, I never would have imagined in the future, just how much time I would spend every day trying to convince computers that I wasn't a robot.

The internet as a whole kinda sucks these days. I only go to a few sites on a regular basis, but I was trying to do some research on tablets yesterday, and was really annoyed by all the crap on webpages that makes them take forever to load, even over a broadband connection. A lot of the reviews I found read like they were auto-generated by a computer or put together by some Chinese spammer. And don't get me started with all the ads...and the code that blocks access to sites unless you disable your adblocker....even local news sites and the local private college's athetics site have that crap now. It pretty much guarantees that I won't be visiting your site...but it' still annoying.

I'm a child of the late 90s, and I remember the early days of the internet when stuff was free and people shared information just because they could. Sigforum is one of the few places that is still that way, and it's one of the reasons I love this place.

Password = "My-desklamp-is-11-inches-tall". Set the height to whatever month you're in.

The games we have to play just trying to get some work done...

After getting daily e-mails from Shee-Dee-Ern-Ern for many years, they finally had something I wanted to order.

I quit after five or more tries to create a password for a new account. Tried calling, they're closed on Sunday.

If I cxan place the order on the phone tomorrow (emphasize "IF") I'll refer them here and direct them to SigMonkey's rant.

Keepass

Also, what surprises (and sometimes scares me) is that I'm still able to remember most of the passwords I use.

EDIT: That said, it always makes me happy when you have a self service function for passwords which you don't use all the time.

No need to keep it, just reset it when needed.

At work we now have 2 step verification. We receive a text or phone call with a 5-digit passcode.

Get thee a password vault such as BitWarden. I use that one and it can randomly generate passwords customized for the set of rules you need.

This will allow you to store and organize innumerable credentials (along with authenticator and encryption keys) so you only need remember one strong password, the one to access the vault.

Thanks to the password vault, all of your accounts, even ones that don't really matter can have strong passwords you don't need to write down anyplace and which are protected from snooping by encryption.

Grrr.... just tried to log in to Ebay. They're forcing me to reset my password. 4th time in three weeks!? (again, after having the original for 20+ years without issue) I just bought and paid for something last night, now this shit again.

I have an Excel spreadsheet with all my 300+ passwords. Lately some sites do not allow a copy & paste. That means I have to change the password to something simple that I can remember after I look it up. More secure?

quote:

Originally posted by cas:
Use a VPN for security. Only, all the sites I need the security on freak out when I try to log in through the VPN.

quote:

Originally posted by cas:
Grrr.... just tried to log in to Ebay. They're forcing me to reset my password. 4th time in three weeks!?

Do the math.

I've never had eBay demand I create a new password. I just logged-in. They asked me to verify a couple pieces of information. When I changed my phone number from "landline" to "mobile," they texted me a verification code. No biggie.

As for the more stringent verification requirements: If any of y'all operated your own servers on the Internet, and did regular log analysis, you'd see, for yourself, just how nasty things are. I run an insignificant, personal site. It, and the accounts on it, are under constant attack, 24x7x52.

Examples:

I just tossed an entire Microsoft /10, over four million IP addresses, into a blacklist because I was tired of seeing attacks from IPs in it. (They were never going to succeed. I was just tired of seeing it in the reports.)

My mail server rejected 91% of attempted email deliveries in the last twenty-four hours. 84% of those where from 109 different IP addresses spread all over the Internet. Which means somebody's launched a new 'bot farm to send spam/scam email. Odds are every last one of those is a compromised MS-Windows PC or IoT device.


As for having to have all those credentials: Get a damn password manager, fer crissakes

This...

quote:

Originally posted by Anush:
I have an Excel spreadsheet with all my 300+ passwords.

... is unwise.

quote:

Originally posted by Anush:
I have an Excel spreadsheet with all my 300+ passwords. Lately some sites do not allow a copy & paste. That means I have to change the password to something simple that I can remember after I look it up. More secure?

Yeah, but how do you remember the password to open the spreadsheet??

I did jobs all over the U.S. for Homeland security and other agencies/companies.

I frequently had a need to get into something they had passworded and when it came up, I'd place a call to get someone down to open things up for me.

They'd typically take their time, so I'd look under keyboards, on pull out typewriter stands, places like that and 9 times out of 10 I'd find a password somewhere and used it to get access.

Failing that, I'd use something much simpler and that worked frequently also.

I have had to buy an address book just to keep passwords in. It's a pain in the ass having to keep all those passwords.

quote:

Originally posted by IMPD2079:
I have had to buy an address book just to keep passwords in.

Yikes

Very bad idea, IMO. Worse idea than a spreadsheet or plain text file. If that one paper journal should be lost, damaged, or, worse, stolen: You may find yourself in a world of hurt.

My wife used to do that. Kept mis-placing or mis-recording info. (Part of it was she'd scribble it down on whatever was handy, intending to put it in her book later, then...) Took a few times of that before I finally convinced her to use a password manager app and put everything in it right away. Now she no longer has those problems. Same with one of my sisters-in-law. My nephew, her son, finally convinced her.

It's a new world, guys. There's no way around it, short of getting entirely, or nearly entirely off the grid. It's nearly a necessity to have on-line accounts. It is absolutely necessary that each have as unique and distinct credentials as possible, with hard-to-guess passwords or pass-phrases. This necessitates having some way to keep track of them all. IMO, the best way to do that is an electronic password management application.

quote:

Yeah, but how do you remember the password to open the spreadsheet??

simple, tape it to the bottom of your keyboard, everyone knows that