Day: August 21, 2013

Password Restrictions are Stupid

There are few things more infuriating than submitting a randomly-generated password and seeing it rejected based on some stupid asshole's stupid asshole idea of what constitutes a strong password.

Yesterday I encountered a site that rejected K"Nb\:uO`) as weak but accepted P@55w0rd as strong.

And my first day at my current job, we had to take mandatory security tutorials that, among other helpful hints, suggested that we satisfy the requirement for a capital letter and a symbol by putting the capital letter at the beginning of the password and an exclamation point at the end. Which, for those of you who are as bad at basic arithmetic as whatever moron put that suggestion in a security tutorial, defeats the entire purpose of requiring a capital letter and a symbol.

Which is, of course, why requiring capital letters and symbols in the first place is stupid, because "make the first letter a capital and put an exclamation point at the end" is what pretty much everybody does to satisfy that requirement anyway, even without official company-sanctioned security tutorials assuring them that this is okay and totally better than just having an all-lowercase password because math class is tough.