{"id":965,"date":"2007-11-05T08:34:39","date_gmt":"2007-11-05T13:34:39","guid":{"rendered":"http:\/\/www.starkeith.net\/coredump\/2007\/11\/05\/insane-password-policy\/"},"modified":"2010-08-19T16:17:45","modified_gmt":"2010-08-19T20:17:45","slug":"insane-password-policy","status":"publish","type":"post","link":"https:\/\/www.starkeith.net\/coredump\/2007\/11\/05\/insane-password-policy\/","title":{"rendered":"Insane Password Policy"},"content":{"rendered":"<p>The trend these days in computer security as far as passwords are concerned is to focus on <em>length<\/em> rather than <em>complexity<\/em>. That&#8217;s because, with the computing power available today, even a password that uses every possible character you can type with the keyboard, if it is only 4 or 6 characters long, can be cracked in a relatively short amount of time &#8211; short enough, anyway, that it makes it of concern to security-minded people.<\/p>\n<p>Apparently, at least some of the folks over at Microsoft haven&#8217;t gotten the memo.<\/p>\n<p>Head on over to the Winqual site and try to sign up for a (free) account. If you&#8217;ve ever written software for Windows, it&#8217;s worth doing &#8211; you can get access to the information that is sent back when your program crashes. (The old &#8220;This program has encountered an error &#8211; tell Microsoft about the problem&#8221; dialog.)<\/p>\n<p>Just be careful what you choose for a password.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/www.starkeith.net\/coredump\/wp-content\/uploads\/2007\/11\/winqual-password-requirements.png\" alt=\"password requirements\" \/><\/p>\n<p>W-w-w-what? It takes 6 bullet items to explain the password policy?<\/p>\n<p>That&#8217;s just insane. And in case you dare to not follow the requirements, <a title=\"password error\" href=\"http:\/\/www.starkeith.net\/coredump\/wp-content\/uploads\/2007\/11\/winqual-password-error.png\">this is what you&#8217;ll get (click for image)<\/a>.<\/p>\n<p>If anything, the policy should be changed to this, much simpler one:<\/p>\n<ul>\n<li>Password must be more than 8 characters long<\/li>\n<li>Any character is OK, including spaces<\/li>\n<\/ul>\n<p>The quality of passwords will go up (they will be harder to crack) and, perhaps more importantly, <em>people will be able to remember them<\/em>. So they won&#8217;t write them down on a sticky-note and put it next to their monitor. Where Jim-Bob the janitor can come read it and maybe even sell that information.<\/p>\n<p>Maybe it&#8217;s just me, but I&#8217;d be more likely to remember a password of, say, &#8220;It was a bright cold day in April, and the clocks were striking thirteen,&#8221; as opposed to &#8220;d3Mx!;%j.&#8221;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>One of the most insane password policies I have ever seen comes from&#8230; Microsoft?<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"webmentions_disabled_pings":false,"webmentions_disabled":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":"","jetpack_post_was_ever_published":false},"categories":[8,5],"tags":[62,61,26,388],"class_list":["post-965","post","type-post","status-publish","format-standard","hentry","category-pictures","category-technology","tag-microsoft","tag-passwords","tag-security","tag-technology","entry"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pimUj-fz","jetpack-related-posts":[{"id":1554,"url":"https:\/\/www.starkeith.net\/coredump\/2008\/12\/17\/nows-the-time-to-switch-to-firefox\/","url_meta":{"origin":965,"position":0},"title":"Now&#8217;s the time to switch to Firefox","author":"Keith Survell","date":"December 17, 2008","format":false,"excerpt":"A serious security flaw has been found in Internet Explorer - no big surprise there. But this one really IS serious - it was found by attackers before it was found by Microsoft. So exploits are already out there \"in the wild.\" (This BBC News story has more details.) The\u2026","rel":"","context":"In &quot;tech&quot;","block_context":{"text":"tech","link":"https:\/\/www.starkeith.net\/coredump\/category\/technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":265,"url":"https:\/\/www.starkeith.net\/coredump\/2004\/10\/12\/microsoft-warns-of-22-new-security-flaws\/","url_meta":{"origin":965,"position":1},"title":"Microsoft warns of 22 new security flaws","author":"Keith Survell","date":"October 12, 2004","format":false,"excerpt":"Just another example of why you should use non-Microsoft products where ever you can. And since IE is the biggest culprit of these security flaws, why not give Firefox a try?","rel":"","context":"In &quot;tech&quot;","block_context":{"text":"tech","link":"https:\/\/www.starkeith.net\/coredump\/category\/technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":547,"url":"https:\/\/www.starkeith.net\/coredump\/2005\/06\/16\/microsoft-asks-for-help-from-hackers\/","url_meta":{"origin":965,"position":2},"title":"Microsoft asks for help from hackers","author":"Keith Survell","date":"June 16, 2005","format":false,"excerpt":"This is actually quite refreshing, in a way. It's good to see them trying to drive the point of security home to their programmers & executives. Who knows? Maybe Windows really will become more secure.","rel":"","context":"In &quot;tech&quot;","block_context":{"text":"tech","link":"https:\/\/www.starkeith.net\/coredump\/category\/technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":442,"url":"https:\/\/www.starkeith.net\/coredump\/2005\/03\/21\/guide-microsoft-european-draft-licence\/","url_meta":{"origin":965,"position":3},"title":"Guide: Microsoft European draft licence","author":"Keith Survell","date":"March 21, 2005","format":false,"excerpt":"Read through this Q&A style article (there's 3 pages of it). Good grief Microsoft sucks!","rel":"","context":"In &quot;tech&quot;","block_context":{"text":"tech","link":"https:\/\/www.starkeith.net\/coredump\/category\/technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1331,"url":"https:\/\/www.starkeith.net\/coredump\/2008\/09\/18\/microsoft-admits-what-went-wrong-with-vista-and-how-they-fixed-it\/","url_meta":{"origin":965,"position":4},"title":"Microsoft Admits What Went Wrong with Vista, and How They Fixed It","author":"Keith Survell","date":"September 18, 2008","format":false,"excerpt":"When I first read this headline, I turned and looked to see if any flying pigs were going by my window. But no! It's real! And, surprisingly, it's honest. Executed properly, UAC could have been a savior for people wont to install every application they find. Unfortunately, the UAC prompts\u2026","rel":"","context":"In &quot;tech&quot;","block_context":{"text":"tech","link":"https:\/\/www.starkeith.net\/coredump\/category\/technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":997,"url":"https:\/\/www.starkeith.net\/coredump\/2007\/12\/05\/dont-steal-the-focus\/","url_meta":{"origin":965,"position":5},"title":"Don&#8217;t Steal the Focus","author":"Keith Survell","date":"December 5, 2007","format":false,"excerpt":"Jeff Atwood made a wonderful post the other day called Please Don't Steal My Focus, and I have to say I wholeheartedly agree with him. Of course, the question that is raised is \"why are programs still doing this?\" My pick for \"worst offender\" is, ironically, Microsoft Word. When you\u2026","rel":"","context":"In &quot;tech&quot;","block_context":{"text":"tech","link":"https:\/\/www.starkeith.net\/coredump\/category\/technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.starkeith.net\/coredump\/wp-json\/wp\/v2\/posts\/965","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.starkeith.net\/coredump\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.starkeith.net\/coredump\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.starkeith.net\/coredump\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.starkeith.net\/coredump\/wp-json\/wp\/v2\/comments?post=965"}],"version-history":[{"count":0,"href":"https:\/\/www.starkeith.net\/coredump\/wp-json\/wp\/v2\/posts\/965\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.starkeith.net\/coredump\/wp-json\/wp\/v2\/media?parent=965"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.starkeith.net\/coredump\/wp-json\/wp\/v2\/categories?post=965"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.starkeith.net\/coredump\/wp-json\/wp\/v2\/tags?post=965"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}