Thursday, August 20, 2015

Obnoxious Password Rules


We've all seen password rules, and most likely been annoyed by them. The sites that impose them think they're doing us a favor by requiring a highly secure password. But freedom is better. The more password rules a site has, the less secure the password is, because it's harder to remember and has to be written down in its entirety. It can be so easily forgotten that you have to use the "forgot password" link and have a temporary one emailed. And email isn't very secure.

Can you imagine having to remember a password like this? &#p>b2"D8%u>w+\{6

On August 14th, I tried to log in to my.t-mobile.com and was redirected to a page where I was required to change my password to a more secure one. I tried one of my usual passwords, and all the check marks turned green, so I figured it was good. So I clicked the button. No good. I tried several new passwords that appeared to satisfy the password auditor, but they still didn't pass their new, hidden, stringent quality standards auditor, so I made up a stupidly complex password with absolutely no words found in the English dictionary. That appeared to be the problem with my other attempts. They included words found in the dictionary.

This new password had 16 characters, upper and lower case letters, numbers, and symbols. It looked like the gibberish that would appear on the screen when you tried to open an executable file in Notepad. Finally, their algorithm appeared to accept my new password. But, since their server was "experiencing problems", I couldn't make it all the way through the password changing process. I didn't know if I should use my new or old password to log in.

I tried logging in with my new password, then my old password, but somehow went over the number of attempted login retries and got locked out for 24 hours. They had an option to "click here" and email me a temporary password. I tried, but of course, the server was "experiencing problems". Could it be that the overly stringent password requirements backfired? I was imagining thousands of frustrated T-Mobile customers cursing their website, unable to pay their bills.
