Impossible to remember usernames and passwords

[jitspoe]

Ok, I just need to rant.  I'm filling out some stuff for a recruiter and had to create an account.  Well, if you're like me, you've probably got accounts numbering in the hundreds, between forums, games, banking, email, online shopping, etc., so you create different levels of passwords based on how much you trust a site/care about your account.  Remembering hundreds of passwords is kind of out of the question, but using your bank password to register for some cheesy forum that probably stores the passwords in plain text is dumb.

Then you come along and hit crap like this: when I went to sign up for the recruiter's system, it required the password be at least 8 characters, have letters and numbers, have a special character, have upper and lower case characters, and not have any repeating characters.  I mean, good grief!  All that to submit my resume?  Hope I never need to log in again because I've probably already forgotten it.

Then, not 5 minutes later, I went to register an account with sprint, and it required both letters and numbers for the username.  The username!  It also had to be at least 7 characters.  What the hell, people?  So now, not only am I not going to be able to remember my password, but I won't even remember the username that goes with it!

Don't even get me started on the systems that require you to change your password every couple of weeks and don't let you re-use any for like years.

Really, what does this accomplish?  Security?  Not if you're forced to start writing all this stuff down or use really stupid, obvious stuff as your password just so you can remember it.

I just needed to get that off my chest.

[FlaMe]

* Flame agrees ...well put haha sorry that happened to you

[y00tz]

Blah we had this conversation at work for an hour   I don't even remember what site spurred it, maybe it was the active directory for the mail server, I don't know...    So you support OpenID?

[Eiii]

There's some helpful Firefox extension that automatically generates passwords and sticks them in based on the domain it's currently at and a salt you provide, but then you're kind of screwed if/when you need to access the account from somewhere that isn't your computer.

[jitspoe]

Or if you don't/can't use firefox, or the domain changes, or the extension is no longer supported, or...

[KiLo]

Try torrentbytes.net. Your password has to be 10 characters with upper and lower case and include numbers.

[DaRkNeSS]

A short pencil is better than a short memory.

Or however that quote goes.

[sk89q]

Then you come along and hit crap like this: when I went to sign up for the recruiter's system, it required the password be at least 8 characters, have letters and numbers, have a special character, have upper and lower case characters, and not have any repeating characters.  I mean, good grief!  All that to submit my resume?  Hope I never need to log in again because I've probably already forgotten it.

Haha, good thing my (new) passwords (that are of some importance) already all meet about all of that

But yeah, I know what you mean. Sometimes I don't need my password to be that complex, and it is just a bother to fit to 'requirements.' The username thing is especially annoying. I also find it annoying when they limit username or password length, as I tend to hit them from time to time.

[KiLo]

Where my mom works, their passwords have to be like 7 characters upper and lower case and has to include numbers. Then they change their password every month and they can not reuse a password. So far she has been through like 60 passwords and she has trouble thinking up new ones now.

[KnacK]

For starters, Sprint either had a HUGE security issue or their login system is changing due to the system merger with Nextel.

I just had to change my corporate admin login to Sprint AND my password due to this.

Now for passwords.

I have a core password that I typically use with variants on the front and backend based on the level of security required.  This has worked pretty well.

Those recruting sites, nonster, dice, hotjobs, getmeafreggingjobrightnow, and business related forum/web sites get a very generic password that I keep in my gmail account for easy reference.

[y00tz]

I have a core password that I typically use with variants on the front and backend based on the level of security required.  This has worked pretty well.

My old password was the same 9 number string, with varying prefixes and suffixes... it worked pretty well.

[XtremeBain]

I've been using KeePass at home and work.  I've already got about 200 passwords (all of them with 1 month system expiry) on my work database, just from servers that I frequent.  Every day I try to add a couple more servers to it.  It has some neat auto-login or login prompt hotkeys that enters the username/password for you, and I use a couple custom password generator profiles so that the passwords meet the requirements depending on the system.

[Zorchenhimer]

My old highschool had an interesting system for the teachers.  Their passwords to access the grades and such on the school network changed every five minutes.  They had to carry around these little key things that would tell them the new password.  I think this was put into play because someone got a list of passwords or something.

[XtremeBain]

My old highschool had an interesting system for the teachers.  Their passwords to access the grades and such on the school network changed every five minutes.  They had to carry around these little key things that would tell them the new password.  I think this was put into play because someone got a list of passwords or something.

Lots of companies use RSA SecurID key fobs that is basically just a little number generator that changes every so often (mine is 1min).  The server knows the pattern of each token and after it's been synchronized it's good to go.  I've only really ever seen them used with VPN, but you can integrate the authentication with pretty much anything.

[lekky]

Yeah we use SecurID at work. Basically its used as well as username and password, to access site material offsite such as emails, intranet, etc, etc

[KnacK]

At SHell, not only did we have a domain user name and pw, we also had Smart Cards.  Then, for vpn access, we ALSO had secureID cards.

[sk89q]

My dad uses the RSA SecureID too, or something by another company (although I believe RSA has a patent on it). Just lovely number generators with the same algorithm and synced seed and clock.