Enough to make you miss Allen Ludden

From the last time we got into the discussion of passwords:

I believe “@#$&!” is what I say when the “Your password will expire in 14 days” message comes up after a mere 30 days. We’re allowed to slide by on a mere eight characters, but we must include at least one from each of the Three Basic Mistyping Groups.

It appears I am not alone in this vexation:

I keep getting that warning that my password is going to expire. Apparently they are taking it off life support and are giving it that end of life care that consists mostly of painkillers and popsicles. Or maybe painkiller popsicles. On Wednesday I received the first warning that it was to expire in 11 days. Yesterday it was 10. Today the dire warning is of nine. more. days. Nine days to craft some clever combination of CAPITAL LETTERS, lowercase letters, and rand0mly in53rt3d numb3r5.

If I do not, my existing password may turn and go sour like that gallon of milk in the fridge. But I would never dream to throw out the milk prior to expiration.

I have adopted the policy of Letting The Damn Thing Expire; the service involved allows one last connection, at which time you must come up with a password to their liking.


  1. McGehee »

    2 August 2009 · 11:59 am

    In dealing with password content requirements, I have developed a grudging respect for 733T-5p3aK.

  2. Mark Alger »

    3 August 2009 · 8:17 am

    I change it to whatever their template demands, then change it back.


  3. CGHill »

    3 August 2009 · 8:23 am

    I’ve tried that. It won’t take the change-back. (Bastiges.)

  4. Thomas Pfau »

    3 August 2009 · 2:26 pm

    I don’t think these policies achieve what the bean counters expect them to achieve. Changing passwords often is supposed to provide a moving target that makes it harder for someone to guess your password. Requiring so many digits, capital letters and punctuation marks is supposed to make passwords harder to guess. But the password rules actually reduce the available number of passwords and make it harder for people to remember their own password, resulting in lost time making phone calls to the help desk. In order to make passwords easier to remember, people will resort to password schemes based on the lifetime of the password. Require monthly password changes and your users will likely encode the name of the month and the year in their passwords. Require password changes every 90 days and they’ll use the season and the year. As McGehee says, throw in a little 733T-5p3aK and you can easily get passwords that use these schemes past the dictionary checks while still having a password that can be guessed in a dozen tries.
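An added example, not part of the post or its comments: a password-change check that catches the month-or-season-plus-year scheme described in the last comment even after leet substitution, which a plain dictionary check lets through. The function name, substitution table and sample passwords are constructed for illustration.

```python
import re

# Constructed substitution table: common leet characters mapped back to letters.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
LEET_L = {**LEET, ord("1"): "l"}   # "1" also stands in for "l" (Apr1l)

PERIODS = ("january february march april may june july august september "
           "october november december spring summer autumn fall winter").split()

# A four-digit year anywhere, or a two-digit year at the end of the password.
YEAR = re.compile(r"(?:19|20)\d{2}|\d{2}(?=\W*$)")

def rotation_scheme(password):
    """Return (period, year) if the password is a month or season plus a year
    once leet substitutions are undone, else None."""
    m = YEAR.search(password)
    if not m:
        return None
    # Take the year out first so its digits are not read as leet letters.
    rest = (password[:m.start()] + password[m.end():]).lower()
    for table in (LEET, LEET_L):
        plain = rest.translate(table)
        for period in PERIODS:
            if period in plain:
                return period, m.group()
    return None

if __name__ == "__main__":
    # Constructed sample passwords; the last one follows no calendar scheme.
    for pw in ["Augu5t2009!", "5umm3r09", "Apr1l2009", "Tr0ub4dor&3"]:
        print(pw, "->", rotation_scheme(pw))
```

Run at password-change time, a non-None result is grounds to reject the candidate; short month names such as "may" will also match inside longer words, so treat a hit as a prompt to choose again rather than as proof of the scheme.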
