Painfully Perplexing Password Policy

I have over 250 websites where I need login/password combinations, most of which are pretty basic and never make me change the password (not to say I shouldn't change it...I should, but I don't, like most of you no doubt). But I think I've come upon the most complex, convoluted password policy ever.

This is painful!

  • At least one uppercase or lowercase letter (easy)
  • At least one number (easy)
  • At least one special character, like ! @ $ % * ( < (OK, no prob)
  • Contain no more than 2 identical consecutive characters in any position from the previous password (now this is getting painful)
  • Contain a non-numeric in the first and last positions (what the?)
  • Not be identical to the User ID (makes sense)

It is recommended that passwords should not:

  • Contain any dictionary word (OK, time to whip out Webster's)
  • Contain any proper noun or name of person, pet, child or fictional character (sorry Snoopy)
  • Contain social security number, birth date, phone number or other readily guessed info (how about my wife's measurements?)
  • Contain any simple patter of letters or numbers, such as qwerty or xyz123 (how bout xyzpdq!?)
  • Be any word, noun, or name spelled backwards (darn it, I wanted to use REDRUM!)

Geez. This takes all the fun out of password creation!! And to think every 60 days I get to read through these rules again to create a new password!