It’s been several years now that our reliable contributor Daniel D.
has been sending us the same gripe time after time. We get it, really we do. It irks us too,
but it is astounding just how many times he’s been able to find this!
With no further ado, here is Daniel’s pet peeve. See if you can figure out what it is.
640 kB 40 characters must be enough for anybody,” right? Daniel bemoaned
“US Banks, brokers, financial institutions. You would expect them to put heavy safeguards with stronger the password the better, right? But then you find out they require just 8 to 40 and not a bit more.”
Gripe Numero Dos, Daniel wants to know “How much is more?”
Grumbling on, “I tried to register an account with FT.com with a generated
password of 62 character length of mixed alphanumerical
and special symbols, as usual, when this happened… Based
on my experience this issue usually pops up when the system
does not allow longer passwords. So, decreasing to 52 didn’t
work, 42 did. Maybe the mice know why.”
“50 characters should be enough for everybody”, Daniel complained in March.
“Bill Gates supposedly said … (he didn’t really).
But New Relic is sure that 50 characters password are safe
enough and you don’t need 62 characters at all.”
Still longer ago, Daniel identified another transgression with a limit of
32 this time. No idea who to blame and shame for this one:
Finally (or initially), Daniel uncovered foolish consistency
among the publishing gnomes: “We all know password requirements
are like a plague. Even security professionals do not recommend
complex password creation rules. But The Atlantic begs to
differ: “Why don’t you add a special character to your securely
generated 62 characters long password?” Yep, The Atlantic,
that special symbol is going to make difference and my account
won’t get hacked.” Alas, Daniel, I regret to inform you
that some IT departments don’t get a choice about what requirements to enforce, their
security auditors or regulations make that decision for them.
I bet you guessed it.
