Important Follow Up Re: The New Password Complexity Policy.
We’ve experienced some pushback regarding the new Password Complexity Policy effective last Wednesday. Resisting change is perfectly natural, but I think the recent objections are primarily rooted in misunderstanding. Yes, the new policy requires a bit more attention on your part, but it’s truly not as bothersome as it’s being made out to be, and I suspect in a few weeks you’ll barely remember the transition. Let’s go over the new policy one more time.
Passwords must be 12 characters or longer and must contain at least six of the following seven types of characters:
Including these characters is a great start, but it’s even more crucial to avoid words and numbers predictable to a password generator or someone familiar with your personal information. Therefore, in accordance with the new policy, passwords must not contain:
And that’s it. Aside from these simple requirements, you’re free to pick any password you want! See, I told you it’s not so bad, and I hope whoever sent those vaguely threatening e-mails to the Help Desk last week considers an apology. In fact, you could say the new policy makes password creation a more imaginative exercise. Have fun with it!
Here’s a sample password that meets the new requirements:
(This password is for example purposes only and cannot serve as your personal password.)
Of course, just because a password meets minimum requirements doesn’t mean it’s as secure as it could be. To help you test proposed passwords, we’ve created the Password Evaluator, which can assess your password’s security strength as you type it. I see many of you have taken advantage of it already. Fantastic! Also, to whoever keeps entering “IHopeYouPeopleRotInHell” into the Password Evaluator, let me assure you that that password is not very strong at all. For starters, it doesn’t even have a Wingding.
Once you’ve decided on a valid password with a high security rating from the Password Evaluator, spend a few seconds committing it to memory and then destroy any written record of it. Voilà, you’re done. Then you can sit back and forget about this password business for a whole two weeks, at which point your password will expire and you’ll need to create a brand-new one.
A final note: It’s very time-consuming for us to reset accounts for employees who’ve forgotten their passwords, so don’t forget the cardinal rule of password creation: Choose something easy for you to remember!
Thank you for your cooperation.
Corporate Information Security
SUGGESTED READSList: Passwords Printed on the Eight Trial Software Packages AOL Has Mailed to Me since December 20, and an Imagined Exchange Between AOL and Me
by Matthew Summers-Sparks (4/10/2001)
Open Letters: An Open Letter to William D. Ford Federal Direct Loan Repayment Program
by Kendra Stanton Lee (1/13/2012)
I’m the Distorted Security Code Standing Between You and This Web Page
by Colin Nissan (5/17/2012)
RECENTLYLiterary Couchsurfing References
by Jason Edward Harrington (5/17/2013)
Position Papers from the Apple Pie and Machine Guns Institute: Position Paper #13: Fuck Science
by Stuart Winchester (5/17/2013)
I Don’t See Race
by Christopher Mah (5/16/2013)
POPULARI Would Like to Be Pope
by John Ortved (2/25/2013)
Monologue: I’m Comic Sans, Asshole.
by Mike Lacher (6/15/2010)
Nate Silver Offers Up a Statistical Analysis of Your Failing Relationship
by Jory John (2/26/2013)