Tuesday, 10 December 2013

Strong passwords

Dear Microsoft,
I am writing to let you know that you are the only service provider I've ever used that doesn't let me use my 17-22 character long passwords. And to make it more controversial, at the same time you don't forget to emphasize how important a strong password is.

The above was the originally drafted blog entry, but by the time I am posting it, this landed in my news reader. Now that makes the story complete.

And one more comment: the world would be a better place if everybody, including ops teams in the companies I've ever worked for, read xkcd. Besides the fact that employees would stop storing server passwords in Excel files, the passwords would also be really strong. FYI, all brute-force password cracking software tests against substitutions like o->0, s->$, l->1 and all the other tricks that make the usual corporate-security-policy-forced 8-character-long passwords "strong".
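An added example, not part of the original post: a password-acceptance check that undoes the substitutions named above before comparing against a wordlist, next to the kind of composition rule the post criticises. The wordlist, the "8 characters, 3 of 4 character classes" rule and the 16-character minimum are assumptions made for illustration.

```python
# Substitutions named in the post (o->0, s->$, l->1), inverted so a
# candidate password can be mapped back to the word it was built from.
UNDO = str.maketrans({"0": "o", "$": "s", "1": "l"})

# Constructed sample wordlist; a real check would load a large dictionary.
COMMON_WORDS = {"password", "welcome", "soldier", "school", "football"}


def is_dictionary_variant(password):
    """True if the whole password is a wordlist entry once case, the
    substitutions above and a trailing run of digits/punctuation are undone."""
    lowered = password.lower()
    stripped = lowered.rstrip("0123456789!?.")
    # Check both forms: "schoo1" needs the 1 kept, "pa$$w0rd1" needs it dropped.
    candidates = {lowered.translate(UNDO), stripped.translate(UNDO)}
    return bool(candidates & COMMON_WORDS)


def composition_policy_ok(password):
    """Assumed corporate rule: at least 8 characters, 3 of 4 character classes."""
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return len(password) >= 8 and sum(classes) >= 3


def length_policy_ok(password, min_length=16):
    """Assumed alternative: require length, reject substituted dictionary words.
    It allows long passphrases and imposes no upper length limit."""
    return len(password) >= min_length and not is_dictionary_variant(password)


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["Pa$$w0rd", "$o1dier2013", "correct horse battery staple"]:
        print(f"{pw!r}: composition={composition_policy_ok(pw)} "
              f"dictionary_variant={is_dictionary_variant(pw)} "
              f"length_policy={length_policy_ok(pw)}")
```

The composition rule accepts `Pa$$w0rd` even though it reduces to a wordlist entry, while it rejects the long passphrase for having too few character classes.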