
Originally Posted by
martinozcmax
I have worked in IT for nearly 30 years and what really gives me the irrits is idiots forcing me to change my password every 90 days. St George bank does it for business accounts. I have tried explaining to the numbskulls in the tech dept that it is actually less secure as eventually you end up writing it down to help you remember it.
Yep, had that argument many times. Learnt it a long time ago when first in IT - make the password requirements too complex or change them too often, and people write them down on the desk, keyboard, post-it note or God knows where else. A bit of user education and sensible policy goes a long way to helping overall security.
Like you, I have a very complex password for banking and the like, which is written down nowhere and has nothing to do with me whatsoever so can't be guessed, easily brute forced or dictionary attacked. Have a simple one for other things where complexity is pointless as half the crap systems store the things in plaintext anyway.
Jeff
1994 300TDi Defender
2010 TDV8 RRS