Passwords, like underwear, should be kept private, and need to be changed every couple of years or they cease to be secure.
It’s time for me to change my passwords, which means I’m spending a lot of time on the “My account” section of websites updating things. and getting rather frustrated with the inconsistency being demonstrated by various IT departments about what makes a secure password.
The truth is I’m a computer geek, I think I have a pretty Good idea of what makes a password secure. Preferably it should be a random string of all 95 printable ASCII characters (Upercase, lowercase, numbers, and symbols) but, since it’s no good for security if you can’t remember it and have to keep it on a stickynote stuck to your monitor. It should be memorable.
“1mXun#” for instance is a fabulous password. This seemingly random series of letters and symbols is not something anyone would ever guess, yet it’s easy for me to remember. (it’s the phrase “I am not a number” spelled in a funky way)
But of course there is also the problem of password reuse. If I use “1mXun#” for my bank. I should not also use it for my Gaming Account on JoesFlashGames.com which is why I always have a backup password that’s less secure but even easier to remember like “Exodus16:36”
The problem comes when some webmaster thinks they’re clever, and decides to make it impossible for anybody to use a stupid password such as their name, or the word “password” and starts making up rules. When that happens I’ll type in my new password “1mXun#”
*****
And it will spit back “passwords must be 8 characters or longer”
Well okay fine, I’ll use my other one “Exodus16:36”
***********
”Passwords must not contain and identifiable word”
Dangit , I bet it doesn’t know this word “Preterest Miroslav Vulfianism”
”****************************”
”Passwords must contain each of the following: one (1) uppercase letter, one (1) lowercase letter and one (1) symbol”
SWEET MOTHER MARY OF THE SEVEN SORROWS!!! FINE! ”Pa$$w0rd”
********
“Your password is accepted”
Do you notice how, the more restrictions I bump into, the more insecure my password becomes? I already naturally want to have a strong secure password, but I also have other stuff to do with my life, and the more you attempt to prevent me by force from being an idiot, the more tempted I am to be just enough of a non idiot to make you shut up.
Notice also that this would not be a problem if every site had the same standard. If everyone wanted an 8 character alpha numeric password it would be fine, I would get a small password like that and forget about it. but every site is different, and whenever I don’t fit into the box, I start finding ways to climb out.
This happens in the church constantly. Which is why you see people who wouldn’t dream of kissing until they get married, but will cheat on their girlfriends and in their studies. Or you see people who’ve memorized whole chapters of scripture but refuse to talk to people that aren’t like them.
We want to protect people from having a unstable spiritual life, we want to prevent them from phoning it in with something like “password” and just coming to church on Sunday. So we require small groups, or devos, or learning Greek before we really consider you spiritually mature and ready for leadership.
But sometimes I haven’t been to your “FaithRoots™” training course, because I’ve been too busy witnessing in the GLBT community, and you write me off. Or you put me on a pedestal because I’m there 3 nights a week, but I’m actually not really listening and capable of much more.
This is the eternal problem with programs. And probably why Jesus didn’t have any and just hung out with people all day