Important Follow Up Re: The New Password Complexity Policy.
We’ve experienced some pushback regarding the new Password Complexity Policy effective last Wednesday. Resisting change is perfectly natural, but I think the recent objections are primarily rooted in misunderstanding. Yes, the new policy requires a bit more attention on your part, but it’s truly not as bothersome as it’s being made out to be, and I suspect in a few weeks you’ll barely remember the transition. Let’s go over the new policy one more time.
Passwords must be 12 characters or longer and must contain at least six of the following seven types of characters:
Including these characters is a great start, but it’s even more crucial to avoid words and numbers predictable to a password generator or someone familiar with your personal information. Therefore, in accordance with the new policy, passwords must not contain:
And that’s it. Aside from these simple requirements, you’re free to pick any password you want! See, I told you it’s not so bad, and I hope whoever sent those vaguely threatening e-mails to the Help Desk last week considers an apology. In fact, you could say the new policy makes password creation a more imaginative exercise. Have fun with it!
Here’s a sample password that meets the new requirements:
(This password is for example purposes only and cannot serve as your personal password.)
Of course, just because a password meets minimum requirements doesn’t mean it’s as secure as it could be. To help you test proposed passwords, we’ve created the Password Evaluator, which can assess your password’s security strength as you type it. I see many of you have taken advantage of it already. Fantastic! Also, to whoever keeps entering “IHopeYouPeopleRotInHell” into the Password Evaluator, let me assure you that that password is not very strong at all. For starters, it doesn’t even have a Wingding.
Once you’ve decided on a valid password with a high security rating from the Password Evaluator, spend a few seconds committing it to memory and then destroy any written record of it. Voilà, you’re done. Then you can sit back and forget about this password business for a whole two weeks, at which point your password will expire and you’ll need to create a brand-new one.
A final note: It’s very time-consuming for us to reset accounts for employees who’ve forgotten their passwords, so don’t forget the cardinal rule of password creation: Choose something easy for you to remember!
Thank you for your cooperation.
Corporate Information Security
SUGGESTED READSList: Passwords Printed on the Eight Trial Software Packages AOL Has Mailed to Me since December 20, and an Imagined Exchange Between AOL and Me
by Matthew Summers-Sparks (4/10/2001)
Open Letters: An Open Letter to William D. Ford Federal Direct Loan Repayment Program
by Kendra Stanton Lee (1/13/2012)
I’m the Distorted Security Code Standing Between You and This Web Page
by Colin Nissan (5/17/2012)
RECENTLYThe Sirens’ Performance Review
by Jon Wolper (3/10/2014)
Hungover Bear and Friends: Become Not Acquire
by Ali Fitzgerald (3/10/2014)
Letters to McSweeney’s
by Various Letter Writers (3/10/2014)
POPULAROpen Letters: An Open Letter to Men On the Subway, Specifically During Morning Rush Hour On the A Train Between Jay Street and Canal
by Jenna Clark Embrey (2/21/2014)
Kama Sutra for Couples Who Have Been Dating for Over Three Years
by Chelsea Davison (1/15/2014)
I Hope You Enjoy This Artisanal Knuckle Sandwich
by Keith Wisniewski (2/26/2014)