Insane Password Policy

The current trend in password security is to focus on length rather than complexity. That’s because, with the computing power available today, even a password that draws on every character you can type on a keyboard can be cracked in a relatively short amount of time if it is only 4 or 6 characters long – short enough, anyway, to concern security-minded people.

Apparently, at least some of the folks over at Microsoft haven’t gotten the memo.

Head on over to the Winqual site and try to sign up for a (free) account. If you’ve ever written software for Windows, it’s worth doing – you can get access to the information that is sent back when your program crashes. (The old “This program has encountered an error – tell Microsoft about the problem” dialog.)

Just be careful what you choose for a password.

[Image: password requirements]

W-w-w-what? It takes 6 bullet items to explain the password policy?

That’s just insane. And in case you dare to not follow the requirements, this is what you’ll get (click for image).

If anything, the policy should be changed to this much simpler one:

  • Password must be more than 8 characters long
  • Any character is OK, including spaces

The quality of passwords will go up (they will be harder to crack) and, perhaps more importantly, people will be able to remember them. So they won’t write them down on a sticky note and put it next to their monitor, where Jim-Bob the janitor can come read it and maybe even sell that information.

Maybe it’s just me, but I’d be more likely to remember a password of, say, “It was a bright cold day in April, and the clocks were striking thirteen,” as opposed to “d3Mx!;%j.”
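To put rough numbers on the length-versus-complexity argument, here is an added example (not part of the original post) that checks the proposed two-rule policy and compares exhaustive search spaces. It assumes the 95 printable ASCII characters as the "keyboard" and a constructed rate of 10^10 guesses per second; all function names are illustrative.

```python
import math
import string

# Assumption: the 95 printable ASCII characters stand in for "every possible
# character you can type with the keyboard".
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " "]
KEYBOARD = sum(len(p) for p in POOLS)  # 95
# Assumption: constructed guessing rate for illustration, not a measurement.
GUESSES_PER_SECOND = 1e10

def meets_proposed_policy(password: str) -> bool:
    """The post's proposed rule: more than 8 characters, any character allowed."""
    return len(password) > 8

def alphabet_size(password: str) -> int:
    """Combined size of the character pools the password draws from."""
    size = sum(len(p) for p in POOLS if any(c in p for c in password))
    # Characters outside printable ASCII are counted individually.
    return size + len({c for c in password if not any(c in p for p in POOLS)})

def search_space_bits(length: int, alphabet: int = KEYBOARD) -> float:
    """log2 of the exhaustive search space: an upper bound that assumes every
    character is chosen at random (word-based phrases are more guessable)."""
    return length * math.log2(alphabet)

def seconds_to_exhaust(length: int, alphabet: int = KEYBOARD,
                       rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate of this length."""
    return alphabet ** length / rate

def length_to_match(bits: float, alphabet: int) -> int:
    """Shortest length over `alphabet` whose search space reaches `bits`."""
    return math.ceil(bits / math.log2(alphabet))

if __name__ == "__main__":
    # The post's two examples, without the sentence punctuation inside the quotes.
    for pw in ("d3Mx!;%j",
               "It was a bright cold day in April, and the clocks were striking thirteen"):
        print(len(pw), meets_proposed_policy(pw),
              round(search_space_bits(len(pw), alphabet_size(pw)), 1))
    for n in (4, 6, 8):
        print(n, f"{seconds_to_exhaust(n):.3g} s")
    # Lowercase letters plus space (27 symbols) vs. 8 full-keyboard characters.
    print(length_to_match(search_space_bits(8), 27))
```

At the assumed rate, every 6-character keyboard password is exhausted in about 73 seconds, and 12 characters of lowercase letters and spaces already exceed the search space of 8 full-keyboard characters.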

By Keith Survell

Geek, professional programmer, amateur photographer, crazy rabbit guy, only slightly obsessed with cute things.