I work at the Borgata Casino Hotel and Spa here in Atlantic City (one of among several jobs I hold) and I went to sign on to my account there last night to check my last pay cheque. I go to sign in and of course I get the "your password has expired" as they like to make you get a new one every 2 or 3 months. No biggie, I like to cycle through a couple.

I put in a new password and I get a new message. "Your password cannot be one of the last 18 used)

EIGHTEEN!?!? Who really thinks that is some great number to use for how many passwords you can use. Personally, I randomly grab words out of a French to English dictionary I have sitting around for my passwords. This way they have no connection to me what-so-ever... but this means that a LOT of people are going to be writing their passwords down so they do not forget them.

Oh yea, they need to have a capital letter and a number in them too.

I know this is a little weak, but it just seemed like such a stupid thing at 4am

 

haha, same thing with my school website but every six months. I have since acquired a memory for such things like; cgrn64B3ae and the likes....

lmao.gif

 

18 is a lot. I'm a CS major and work in IT for a real estate company. I never really understood the purpose of that.

 

Yes, I agree, it's very stupid. My bank and other sites now make me type the city in which I was born in, what street I grew up on or whatever. I had to make a second account because it was locked because I didn't answer the questions correctly (I didn't put in true answers).. So get this, anybody who wants to screw around can lock up any other account just by answering these questions wrong. Yeah, that's great security what can I say. Not to say that the answers to these questions can usually be found pretty easy if you know the guy who was the account..

They think that if they make you change your password daily and make it 100 characters long equals great security. That's pretty stupid, as they usually have other huge security problems with their site..

 

The last 18 passwords is kind of too much. But using capital letters and numbers increases the character set and complexity of the password. Faster computers can fly through combinations of 26 letters pretty quickly today.

 

Yes but many times this is irrelevant if you have to try to log on each time to test a password (which is usually the case). And thus you are limited by how many login attempts the server can/wants to satisfy, not your computer. A good security measure is to limit the number of login attempts per IP to something like 5 per second or something like that. Don't get me wrong, I see the usefulness of having longer and more complex passwords, but I think many times this is exaggerated

 

I agree with you on that one. There are easier ways to make password cracking harder. But, the truth of the matter is, the majority of people use the names of their children/pets, last names, their favorite car, etc. The use of capitals curbs this in a big way. So, instead of somebody using a dog name (i.e. puppy), they might be forced to use something more complicated (i.e. Puppy1). Remember that most times a password is cracked, it is a co-worker trying to get somewhere they shouldn't be. When I worked as a computer tech, I could easily access most co-workers files and emails because I could easily guess passwords based on everyday conversation. BTW, passwords don't really have to be longer to be more complicated, but it does help.

And, to Mad-Machine: After thinking about it, your password criteria is very strong. If you go 2 months and 18 passwords back, you are being restricted from using a password more than once in a 3 year period. That is enough time to prevent present and former employees from gaining restricted access!

 

Increasing the security to that extent probly really decreases the security. That forces you to keep the password near you, written down.

 

^^ werd

I only use one password for everything, used the same one for 11 years,lol.. the one i cant control is just a number pass to get into the indoor archery range.

if someone had to write down all their pw's, which most people keep that kind of stuff in a wallett or purse, a simple mugging and you don't have them anymore and the thief has you by the balls.

 

At my old job, my boss used to keep a file with all his passwords + login to each site written down.

I HATE the security questions. Those things are something anyone could know..It wouldn't be hard to figure out the street I lived on, or my mother's maiden name..I always type BS answers in them.