Why won't we help users create good passwords?


Sysadmin pilot fish at this bank gets a call from a veteran loan officer, who complains that he can't get signed on to the core banking system.

"This particular user was a serial offender at locking out his account, so after re-enabling the account I got connected, sharing the user session," says fish.

"I entered the temporary password I had just set for the account into the first field myself to ensure success, and then asked him to choose a new password and confirm it.

"After five rounds of rejected new passwords, re-entering the password and giving him another chance to choose an alternative, I patiently explained that our password-complexity requirements would not allow the password to have two numbers next to each other.

"'Ah, OK, gotcha,' he said.

"After another ten attempts, and the same system rejection message, I offered examples of several passwords that would and wouldn't be accepted by the system -- and I reiterated that adjacent numeric characters would not work.

"'That's what I've been choosing, I don't know why it keeps rejecting.' Another five attempts go by. 'There must be a problem with the system, it doesn't like anything I try.'

"At this point I was wondering if there truly was an issue, so I took control of the session and entered a new password myself to test it. The system accepted it immediately and the user was successfully signed on.

"He said, 'OK, great. I don't know why it wouldn't take my new password -- 4 and 6 aren't next to each other...'"

You know Sharky's password: truetalesofITlife. So send me your story at sharky@computerworld.com, and you'll snag a snazzy Shark shirt if I use it. Add your comments below, and read some great old tales in the Sharkives.

Get your daily dose of out-takes from the IT Theater of the Absurd delivered directly to your Inbox. Subscribe now to the Daily Shark Newsletter.

The march toward exascale computers
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies