Reply to post: Sensible Rules

It's World (Terrible) Password (Advice) Day!

Steve Knox

Sensible Rules

1. Require a fixed-length password, so that it can be stored and retrieved efficiently.

2. Require a specific pattern of {lower-case letter}{upper-case letter}{number}{special character}


Spaces ( )

Quotes (')

Double-quotes (")

Ampersands (&)

Backslashes (\)

Forward Slashes (/)

ASCII control characters

Anything other than 7-bit ASCII printable characters (specifically ASA X3.4-1965, to maintain compatibility with IBM 2260s)

4. Determine the average amount of time to brute-force a password created using these rules, and require password changes at least twice as frequently*.

5. Require all employees to share their current passwords with their manager in case of emergency.

Problem solved!

* In fact, just require a password change every time a user logs in. Make sure to automatically lock that workstation when idle for over 1 minute!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019