February 20, 2006

Hopin', sesame

One was informed recently that the password one had been using to access a certain intranet was due to expire. In accordance with recently-implemented policy, the new password was required to

1) Be at least eight characters long.
2) Be different from the previous twelve passwords.
3) Contain at least three of the following : a) uppercase letters, b) lowercase letters, c) numbers, d) non-alphanumeric characters.

One wishes to protest. One finds these rules overly draconian, clearly intended to terrorize all but the most doughty of intellects. No telling how low these system administrator types can stoop – next they’ll be asking for palindromes, or original pangrams, or perfect villanelles. And one Draws the Line at being made to waste precious (and limited) brainpower on such matters, given that one’s passwords thus far have consisted of one’s name followed, to confound even the most devious of hackers, by the surname.

The fact that password-choosing is well on its way to becoming an exercise in creative writing would not bother one so much if it had not been for the need to remember passwords. Yes. One has realised that a password actually needs to be retained in the ol’ memory for extended periods of time, failing which many hassles ensue. Such insight has not, however, prevented such hassles from ensuing, and ensuing repeatedly, in the course of this brief but eventful existence.*

See, one usually keys in the username with a flourish .. and then, pfft (zppk? grrch?). Everything goes blank.

At this point one proceeds to follow a complicated but well-established procedure that involves delving deep into the nooks and crannies of this tangled mind, negotiating one’s way through a lifetime of cerebral (and not-so-cerebral) detritus in the hope of finding that elusive thingybob. This, despite the immense mental effort involved, does not usually give useful results, and one is left with no choice but to look for the system administrator. Who is invariably on holiday.

We need voice authentication. Iris recognition. DNA fingerprinting. Anything but passwords.


* One cannot, at this point, remember what one had for lunch yesterday (or even whether one had lunch yesterday) so asking one to remember a random string like MeghnaNaidu123 is, you would agree, a bit much. Especially when it needs to be changed to MeghnaNaidu124 in a couple of months.

23 comments :

Sheetal said...

First in, yay!
Achcha, one... er that is to say I remember this character in a book once who chose passwords out of another book (this is getting complicated, but do try and follow this thread here) and picked out the fourth word from the eleventh line or somesuch and put a bookmark in to mark the page.

Since the brain is already heated with dredging up this memory from detritus (thanks :-)), I leave it to One to devise a similar system, and tweak it sufficiently to incorporate a) uppercase letters, b) lowercase letters, c) numbers, d) non-alphanumeric characters.

Also One must be very careful not to murder anyone because man in book was a murderer and that's how he got caught.

Jinguchakka said...

You've echoed the plaintive cry of the millions!
Another pain is that one is always required to commit more than one password to memory, as there are always multiple levels of gates and passwords to get in and do some stupid work which is not worth the password that allows it!

Casablanca said...

*icy cold voice*
One complaineth too much, for some other companies also require that you should not repeat the first 3 characters from your previous passwords.
*end icy cold voice*

That means, meghnanaidu123 must become rathnanaidu124. Now tell me, how painful is THAT?!

Falstaff said...

the worst thing about this whole password thing is that I'll spend some fifteen minutes wracking your brains trying to remember what the password was, then in defeat I'll click on the Forgot Password link. This'll tell me not to worry, all I need to do is tell them my Mother's maiden name / my Social Security No. or some such thing and they'll allow me to reset my password. I'll be delighted - finally, something I can handle. Why didn't I think of this before, I'll ask myself.

Except of course that then the damned thing won't let me put in any password I've ever used before, so I'll end up putting in something completely new, thus ensuring that I'll have to go through the same process again the next time I log in. Hasn't it occured to these people that if I wasn't able to remember my original password, which presumably I'd set in common with other sites and generally remembered fairly well, there's no hope in hell of my remembering a completely new one.

I've got to the point where i don't even bother anymore. Just type in some random set of characters to reset my password, and the next time i want to log on go straight to the forgot password link. It saves me a lot of agonising.

sinusoidally said...

Someone I know uses the first six letters of the keyboard on the left with a combination of their birth year. Works like a charm and fulfils all requirements of a password!

qwertY82. Hee hee.

Shruthi said...

"You've echoed the plaintive cry of the millions!" - Ditto!

Plus, different programs have different passwords, and you cannot write them down anywhere either. Sigh.. it never ends....

Casablanca said...

*excitedly* Oh oh oh, the one, I mean, The One, has been featured on Desipundit.

*wondering* Now that The One will be showered with new comments, this one wonders if The One will still find time to reply to old commentors.

(Time will tell)

Kaps said...

I'm with you on this. My Operating System says that the current password should be different from the last 25 passwords. Every other months it starts giving a countdown to the next password change date.

Nessa said...

*the anonymous* usually has the same password for everything... but certain events in recent history have taught *the anonymous* otherwise..

*the anonymous* now takes 5 times longer to check mails, login to the control panel and everything else cursed with a password..

Such is life, oh One!

the One said...

Sheetal : A challenge indeed. But one is not entirely happy with this gentleman’s system in the first place. He’d have to remember the numbers four and eleven, right? Way too difficult for the One. (If he somehow marks the fourth word on the eleventh line, that’s compromising his security. Actually the bookmark does that already.)

Oh, and no more murders. Right. Must be careful.

Jinguchakka: Indeed. And then these multiple passwords all expire at different times so you end up having to change them asynchronously. You’d need some sort of personal database to keep up with that.

Casablanca: Incapacitatingly painful. One would rather listen to Charming, Tiptop, Beautiful Beautiful than have a password like rathnanaidu124.
P.S. Time has told, na? Satisfied? One shall now go away and mope, for Casa has no faith in the One :(

Falstaff: You seem to have worked it all out .. there is an easier solution, though. Just use your mother’s maiden name as the password to begin with :) (You speak of webmail-type services, one believes, so the uppercase-lowercase-nonalphanumeric rules wouldn’t apply ..)

And the Secret Question is fun, isn’t it .. one always chooses the “What is your dog’s name?” option, because one does not have a dog. Makes it very challenging. And explains why one has to create a new mail account every few months.

Sines: An excellent choice, but one would generally forget which letter to capitalize. A one-in-six chance is good, though .. way better than anything one could come up with.

Shruthi: No, it doesn’t .. one tried to use the same password everywhere, but then they kept expiring at different times so they’ve all ended up different. Sigh indeed.

Kaps: Twenty-five? Gawd. And yes .. the countdown. No better way of filling a chap with deep dread.

Nessa: One sympathizes with *the anonymous* and shares her grief. One has practically given up email altogether.

Cyn Bagley said...

ARGH!!!

I hate it too.

Primalsoup said...

I always have for my passwords names of people - the ones who are most significant at that point in my life. The good thing is that they change every 2.5 months. Or wait, may be that is like a bad thing.

the One said...

Cynthia: Yes .. we all do, it would seem.

Supremus: Ah, so now we are one step closer to the culprit :)

Queer: But putting passwords in writing is forbidden, you know. Otherwise one would've spray-painted one's own passwords all over the wall.

Primalsoup: :) Well, one just hopes you don't get used to it .. soon you'll be discarding a chap whenever your password expires.

Casablanca said...

Hehehehehehe...

One shall now go away and mope, for Casa has no faith in the One

Hehehehehe...*laughing uncontrollably*

the Monk said...

ah, yes, our college intranet system subjects us to the same...but luckily enough, we have figured out how to confound the evil system...we give access to specific folders to everyone so that we don't have to login everytime...and map network drives...like everything it has its cons, but what to do, life is like that... ;)

Nessa said...

*the anonymous* can't possibly do that.. the job demands it :(

the One said...

Queer: You're welcome.

Casa: *And now, just to add insult to injury, she laughs. Uncontrollably, too.*

Monk: Clever indeed. Now if only one knew how to do things like that.

Nessa: Ah. In that case, one merely sympathizes with *the anonymous*.

Anjali said...

The plaintive cry of millions, indeed.

The One is lucky to be able to key in user ids with a flourish. I have found, to my misery, that my first name followed by my second name (the natural choice for a user id) has been appropriated by imposters at large in multiple password-requiring forums.

So not just do I have the task of retaining passwords (widely acknowledged to be impossible, as this commentspace indicates), I also do not know if the user id is correct at any point of time.

falstaff, you have raised another touchy issue. Those 'forgot password' secret questions DO NOT work. Some systems seem to require that you remember your own secret question, to which my only response is to laugh hysterically.

the One said...

Anjali: Believe it or not, that impostor issue was to be a future post on this blog. One's own name appears to be a favourite target for these hounds, and one finds it most inconvenient to add sundry prefixes and suffixes just to get a mailing address. One is only able to overcome these troubles (and hence acquire the flourish) by repeating the name in the user id (anything more complex would, of course, promptly be forgotten). You should try that too. Even if it means funny glances when you give your mail id to people. (Look, one gets funny glances all the time. Mail id or no mail id.)

Anonymous said...

add to that so many passwords- email accounts, blog stuff, flickr, subscriptions.....aargh. its a blood pain i tell you....

the One said...

Yes, and then you have all those online friendship-making services .. ahem .. not that one would ever condescend to join any of those.

Anjali said...

Thanks for the tip, O One, though I think you might have been a bit generous in your estimate of my retention-quotient.

There are too many possibilities that the repeat trick presents. Should you repeat one name or both? Should it be anjalianjalipuripuri or anjalipurianjalipuri? Isn't there a limit on the number of characters allowed? In which case should you repeat one name and let the other one stand alone? And most important of all, the challenge of remembering which of these it was that you ultimately decided to do.

You see the potential for disaster here?

the One said...

Anjali: One has spent the better part of the morning trying to create accounts with repeated names, and encountered precisely the problems you mention. Further, one is forced to admit that the aforementioned hounds are cleverer than one thought, and have already taken simple ones like anjalianjali. Nothing can save us now.