I have over 250 websites where I need login/password combinations, most of which are pretty basic and never make me change the password (not to say I shouldn't change it...I should, but I don't, like most of you no doubt). But I think I've come upon the most complex, convoluted password policy ever.
This is painful!
- At least one uppercase or lowercase letter (easy)
- At least one number (easy)
- At least one special character, like ! @ $ % * ( < (OK, no prob)
- Contain no more than 2 identical consecutive characters in any position from the previous password (now this is getting painful)
- Contain a non-numeric in the first and last positions (what the?)
- Not be identical to the User ID (makes sense)
It is recommended that passwords should not:
- Contain any dictionary word (OK, time to whip out Webster's)
- Contain any proper noun or name of person, pet, child or fictional character (sorry Snoopy)
- Contain social security number, birth date, phone number or other readily guessed info (how about my wife's measurements?)
- Contain any simple patter of letters or numbers, such as qwerty or xyz123 (how bout xyzpdq!?)
- Be any word, noun, or name spelled backwards (darn it, I wanted to use REDRUM!)
Geez. This takes all the fun out of password creation!! And to think every 60 days I get to read through these rules again to create a new password!