mo.notono.us

Saturday, August 13, 2011

Password insanity

Tonight I had to fill out some official paperwork and went online to get it done.  (Before I start griping – the online form was fine, I could fill it out with minimal problems and got a nice PDF with all the entered info at the end.) 

But to get to the form – oh boy.

I’d been to this site before, so I knew I had an account – I guessed my password – err.  Ok, time to hit the forgot password link.

Oh – ok, “the password expires every 60 days”, so that’s why.  I enter the answer to my “secret” question (the answer to which is a matter of public record, and would probably take a hacker 5 minutes to figure out) and am allowed to attempt to enter my new password.  Err.  “Your password can not contain more than three consecutive letters from your old password”. 

Alright odd, but, attempt 2.  Err.  “Your password must be at least 8 characters”.

Ok, fine – should have guessed that.  Attempt 3.  Err. “Your password must contain a special character AND two entries from the three groups: number, upper case and lowercase.” 

Uhm – ok?.  Attempt 4.  Err.  “Your password must begin and end with a letter.”

WTF?  Attempt 5: I enter an upper case letter, a set of adjacent keyboard symbols, and a lower case letter and lo and behold the password is accepted

Don’t ask me what the password was – even if I WOULD tell you, I couldn’t – I have already forgotten.  But that’s fine, next time I’ll just repeat the same exercise and get in by answering my “secret” question.

XKCD says it oh so well:

Labels: , , , , , ,