October 6, 2016

Funky Characters in Passwords

Filed under: Main — admin @ 12:01 am

You have multiple user names and, hopefully, multiple passwords. The requirements for the passwords are well-known: It has to be something complex, not-obvious, and at least 8-characters long, with a smattering of upper- and lowercase letters plus numbers. Add to the mix, a symbol or two.

Back in the old days, passwords were letters and numbers only, sometimes only one or the other. Eventually, they (meaning the programmers) allowed for mixed case, probably because some computers back in the 1980s didn’t discern between upper and lower case letters.

Over time, other rules and suggestions for concocting a password were added. Today, the new rule is super-long passwords with symbols. This is a change I’m resisting, mostly from tradition.

For the longest time, if you dared type a symbol — any symbol — into a password field, you’d either see an error message or the program would crash. Even though all characters are just numbers to the computer, some of the characters (or their number values) are just so offensive you can’t put them into a password. Today that rule has changed, but my superstition about the offensive characters remains constant.

In fact, you can even stick a space in some passwords. Think of the horror!

With the recent Yahoo! hack and others, it’s become imperative to change and boost all your online passwords. I’m slowly changing all my passwords, which are of the required length, upper and lower case letters, numbers — but no symbols! So I’m adding symbols. And even spaces!

My approach is to use multi-word passwords with a smattering of symbols and then a number code. As an example, consider the following password:

Shadrach12_Meshach34*Abednego56

The basics of the password are three groups. Each group is a word followed by two numbers. The word starts with a capital letter. The three groups are separated by using two symbols. This example is just for show, in practice I’d probably add a fourth group, mix up the case, and use even more symbols. The more complex the password, the better.

So far, I’ve not been hacked. I assume that my Yahoo account was hacked, but that password was unique to Yahoo. And that’s most important: Specify different passwords on different systems.

For the next few weeks, I’ll be updating passwords and making them longer. I also have a cheat sheet I use to remind me of the passwords. You should create one as well. And don’t be like me and let the symbols freak you out! Just as everyone got used to passwords in Windows, then longer passwords, eventually we’ll all accept that passwords can have symbols, even spaces.

3 Comments

  1. I tend to use a standard password with number on the end which increases by one each tine I have to update, the problem I have found is some need a capital some don’t, try to remember where the capital is…(fun!)

    Comment by glennp — October 7, 2016 @ 1:50 pm

  2. Maybe the solution is to provide a general prefix that contains all the nonsense, say:

    1A_b2

    Then follow that by your normal password of choice. That would handle some of the validation algorithms, though I like your method of adding numbers each time you’re told to update a password.

    On the City system, I’m asked to change the password every 6 months. So after 6 months I changed my password back to what it was before — but the system remembered the old password! It wouldn’t let me change it back. Damn technology.

    Comment by admin — October 7, 2016 @ 2:24 pm

  3. The number idea started with a goverment system I had to use so I used my stock password and added 00 when asked to 01 Ihave never needed to go past 09 so the question of 10 or 0A has never come up!

    Comment by glennp — October 7, 2016 @ 4:12 pm

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.


Powered by WordPress