I don’t know about you, but for accounts that I access online that contain personally identifiable information like my phone number and address, I use a password that is more than eight upper and lower case letters, contains at least one number, and has at least one special character.
I just had to reset the password on our Verizon account because I could not remember the password. This is the error message I received upon my attempt to reset:
The password is “not available”? NOT AVAILABLE?
That’s not true. Not available generally means “someone else is using this <insert whatever, usually username>.”
This error message should read: “We have a clueless (or toothless, take your pick) IT department and so we have decided that your passwords can’t contain a special character, even though it’s a recommended way to make a strong password. By the way, we won’t be held responsible if someone hacks into your account.”
And the fact that Verizon requires only six characters is insane.
Yes, I know that you don’t necessarily need a special character (“symbols”) to make a password secure. Just make it long enough and complex enough and it will be secure …. and you won’t remember it. Just like I could not remember this one …. until I saw the prohibition on special characters.
Idiots.
****
Kathy’s recommendations for creating a strong password that you can remember:
- Begin and end the password string with a special character – even if it’s the same one on each end
- Combine things that are incongruous, such as a zip code from today with a street name from your past
- Capitalize a letter someplace other than “at the beginning”
- Convert letters to special characters or numbers: “s” can be $ and an “i” or “l” can be “1”
- Aim for a minimum of 10 characters
- Think text-speak and drop unnecessary vowels
- Turn a word into its telephone number pattern
- Never use your birthday or social security number
For more reading:
- Darknet good password guidelines (says to include symbols)
- MakeUseOf suggestions for strong passwords (says to include symbols)
- Microsoft password recommendations (says to include symbols)
- Wikipedia guidelines for strong passwords (says to include symbols)
2 replies on “Just Call Me Curmudgeon: Pswd Security”
[…] every account. As the risk goes up, make the password more secure. Whine loudly when a vendor (like Verizon) will not let you create a secure password on their […]
[…] for every account. As the risk goes up, make the password more secure. Whine loudly when a vendor (like Verizon) will not let you create a secure password on their […]