My father used to do work for a company that made him change his password every two weeks and wouldn’t let him reuse any of the last ten passwords he used. As a result, he resorted to writing down the password and taping it to his laptop so he could remember what the current password was—and made a point of it to the IT department.
If he had stored the paper in his wallet rather than on the laptop, I would have said the he handled the situation very well. For most people, the physical security afforded by their wallet is more than sufficient to safely store passwords. HBGary Federal would certainly have been better off if Aaron Barr and Ted Vera had used better passwords but written them down.
Telling people to never write down their passwords probably does more harm than good. Many people have too many passwords that change too often to legitimately expect them to be able to memorize them all. And when they do write them down, they have never been told that their wallet is a safer place to store them than under their keyboard.
My father and I eventually came up with a better system: he came up with a list that had enough passwords that he could reuse the first one after the last one on the list expired, and then taped to his laptop a list that had about half of each password on it. He would then put a little pencil mark next to whatever password hint corresponded to the password he was using at the time.
One thing I find fascinating is people’s occasional ingenuity in getting around password strength requirements. For example, faced with the requirement that the password can’t be the same as their name or username, sometimes they’ll figure out what is the smallest change that will make it acceptable (like e.g. leaving out the last letter), and use that.
(Come to think of it, the very fact that I know all this also says something by itself.)
You need to change your password. I checked it and you’re using the wrong one. Set it to “Vladimir_”—make sure to use the capital letter and underscore so it will be more secure.
My father used to do work for a company that made him change his password every two weeks and wouldn’t let him reuse any of the last ten passwords he used. As a result, he resorted to writing down the password and taping it to his laptop so he could remember what the current password was—and made a point of it to the IT department.
If I had to do that I’d just incorporate the date into the password somehow and otherwise leave it the same.
If he had stored the paper in his wallet rather than on the laptop, I would have said the he handled the situation very well. For most people, the physical security afforded by their wallet is more than sufficient to safely store passwords. HBGary Federal would certainly have been better off if Aaron Barr and Ted Vera had used better passwords but written them down.
Telling people to never write down their passwords probably does more harm than good. Many people have too many passwords that change too often to legitimately expect them to be able to memorize them all. And when they do write them down, they have never been told that their wallet is a safer place to store them than under their keyboard.
My father and I eventually came up with a better system: he came up with a list that had enough passwords that he could reuse the first one after the last one on the list expired, and then taped to his laptop a list that had about half of each password on it. He would then put a little pencil mark next to whatever password hint corresponded to the password he was using at the time.
One thing I find fascinating is people’s occasional ingenuity in getting around password strength requirements. For example, faced with the requirement that the password can’t be the same as their name or username, sometimes they’ll figure out what is the smallest change that will make it acceptable (like e.g. leaving out the last letter), and use that.
(Come to think of it, the very fact that I know all this also says something by itself.)
You need to change your password. I checked it and you’re using the wrong one. Set it to “Vladimir_”—make sure to use the capital letter and underscore so it will be more secure.