Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
1 result
Blame History Permalink
index.html 19.60 KiB 
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Password Retention Policies | On My Mind...</title><meta name=keywords content="blog,human nature,it"><meta name=description content="It never used to bother me, but now it does.
Every time I hear about one of those laptops stolen with secrets, but &#34;no secure password&#34;, I believe that corporate password retention policies are to blame.
I have now come to the point, where I work, that the various password systems, with their vastly different password policies, have collided to make it impossible for me to keep up anymore. I will now be one of the countless hoardes that puts my passwords on a sticky note above my notebook's keyboard."><meta name=author content="Gary Allen Vollink"><link rel=canonical href=https://blog.vollink.nyc/post/2009/05/password-retention-policies/><link crossorigin=anonymous href=/assets/css/stylesheet.min.c30defa0e01dbe8f65cc43a70a58fbbc74cafc53a7f399e6a0af39088b9bcc16.css integrity="sha256-ww3voOAdvo9lzEOnClj7vHTK/FOn85nmoK85CIubzBY=" rel="preload stylesheet" as=style><script defer crossorigin=anonymous src=/assets/js/highlight.min.67ab6ccbad53232b614f9dbcbe19c8759e16f8552b23f5068b953ee70a6dd94f.js integrity="sha256-Z6tsy61TIythT528vhnIdZ4W+FUrI/UGi5U+5wpt2U8=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://blog.vollink.nyc/favicon.ico><link rel=icon type=image/png sizes=16x16 href=https://blog.vollink.nyc/favicon-16x16.png><link rel=icon type=image/png sizes=32x32 href=https://blog.vollink.nyc/favicon-32x32.png><link rel=apple-touch-icon href=https://blog.vollink.nyc/apple-touch-icon.png><link rel=mask-icon href=https://blog.vollink.nyc/safari-pinned-tab.svg><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="Password Retention Policies"><meta property="og:description" content="It never used to bother me, but now it does.
Every time I hear about one of those laptops stolen with secrets, but &#34;no secure password&#34;, I believe that corporate password retention policies are to blame.
I have now come to the point, where I work, that the various password systems, with their vastly different password policies, have collided to make it impossible for me to keep up anymore. I will now be one of the countless hoardes that puts my passwords on a sticky note above my notebook's keyboard."><meta property="og:type" content="article"><meta property="og:url" content="https://blog.vollink.nyc/post/2009/05/password-retention-policies/"><meta property="article:section" content="post"><meta property="article:published_time" content="2009-05-02T16:40:00-04:00"><meta property="article:modified_time" content="2010-09-07T18:30:12-04:00"><meta property="og:site_name" content="On My Mind..."><meta name=twitter:card content="summary"><meta name=twitter:title content="Password Retention Policies"><meta name=twitter:description content="It never used to bother me, but now it does.
Every time I hear about one of those laptops stolen with secrets, but &#34;no secure password&#34;, I believe that corporate password retention policies are to blame.
I have now come to the point, where I work, that the various password systems, with their vastly different password policies, have collided to make it impossible for me to keep up anymore. I will now be one of the countless hoardes that puts my passwords on a sticky note above my notebook's keyboard."><script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://blog.vollink.nyc/post/"},{"@type":"ListItem","position":2,"name":"Password Retention Policies","item":"https://blog.vollink.nyc/post/2009/05/password-retention-policies/"}]}</script><script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"Password Retention Policies","name":"Password Retention Policies","description":"It never used to bother me, but now it does.\nEvery time I hear about one of those laptops stolen with secrets, but \"no secure password\", I believe that corporate password retention policies are to blame.\nI have now come to the point, where I work, that the various password systems, with their vastly different password policies, have collided to make it impossible for me to keep up anymore. I will now be one of the countless hoardes that puts my passwords on a sticky note above my notebook's keyboard.","keywords":["blog","human nature","it"],"articleBody":"It never used to bother me, but now it does.\nEvery time I hear about one of those laptops stolen with secrets, but \"no secure password\", I believe that corporate password retention policies are to blame.\nI have now come to the point, where I work, that the various password systems, with their vastly different password policies, have collided to make it impossible for me to keep up anymore. I will now be one of the countless hoardes that puts my passwords on a sticky note above my notebook's keyboard.\nI have 9 separate password/account combinations at work. Some of them force me to change them every 6 weeks, others force me to change them every 3 months. Some of these require punctuation characters, mixed case and numbers, some of these do not require anything but letters. I could handle this, because none of the systems (at work) deny the use of punctuation or numbers in the passwords. There is ONE account that does not handle a password longer than 8, but that one (at least) ignores anything typed longer than 8.\nI have, for the last 3 years or so, used basically the same password on all of my \"important\" accounts, with very minor variations. Because of the policies in place, I have been in the habit of changing my password monthly, at the first, and integrating the month itself into the password. This, typically, changes three characters of the password, and allowed me to have a secure password that I had otherwise memorized. So, now the policy has changed again, to where three letters is no longer good enough. Now it has to be five.\nNone of this stuff is REALLY that important, is it?\nWorse, I used to be Director of IT for a former employer. I know this stuff. I know there is a better way. I know why my new solution is \"bad for the company\". Yet, when I WAS in IT, I did everything in my power to make sure that once someone chose a decent password, that it would be the same password on all the systems, and that I wouldn't force people to change it all the time. EVEN THERE, I found passwords taped to near 30 different laptops (with a corporate population of around 100). If I could figure out that people easily give up trying to protect passwords, then why do all the major corporations have these terribly inconvenient policies in place? ","wordCount":"412","inLanguage":"en","datePublished":"2009-05-02T16:40:00-04:00","dateModified":"2010-09-07T18:30:12.372-04:00","author":{"@type":"Person","name":"Gary Allen Vollink"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://blog.vollink.nyc/post/2009/05/password-retention-policies/"},"publisher":{"@type":"Organization","name":"On My Mind...","logo":{"@type":"ImageObject","url":"https://blog.vollink.nyc/favicon.ico"}}}</script></head><body id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://blog.vollink.nyc/ accesskey=h title="Home (Alt + H)"><img src=https://blog.vollink.nyc/AllenWrench.gif alt=logo aria-label=logo height=35>Home</a>
<span class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></span></div><ul id=menu><li><a href=https://blog.vollink.nyc/post/ title=Posts><span>Posts</span></a></li><li><a href=https://blog.vollink.nyc/tags/ title=Tags><span>Tags</span></a></li><li><a href=https://home.vollink.com/ title=home.vollink.com><span>home.vollink.com</span></a></li></ul></nav></header><main class=main><article class=post-single><header class=post-header><div class=breadcrumbs><a href=https://blog.vollink.nyc/>Home</a>&nbsp;»&nbsp;<a href=https://blog.vollink.nyc/post/>Posts</a></div><h1 class=post-title>Password Retention Policies</h1><div class=post-meta><span title="2009-05-02 16:40:00 -0400 -0400">2 May 2009</span>&nbsp;·&nbsp;2 min&nbsp;·&nbsp;Gary Allen Vollink</div></header><div class=post-content>It never used to bother me, but now it does.<br><br>Every time I hear about one of those laptops stolen with secrets, but "no secure password", I believe that corporate password retention policies are to blame.<br><br>I have now come to the point, where I work, that the various password systems, with their vastly different password policies, have collided to make it impossible for me to keep up anymore. I will now be one of the countless hoardes that puts my passwords on a sticky note above my notebook's keyboard.<br><br>I have 9 separate password/account combinations at work. Some of them force me to change them every 6 weeks, others force me to change them every 3 months. Some of these require punctuation characters, mixed case and numbers, some of these do not require anything but letters. I could handle this, because none of the systems (at work) deny the use of punctuation or numbers in the passwords. There is ONE account that does not handle a password longer than 8, but that one (at least) ignores anything typed longer than 8.<br><br>I have, for the last 3 years or so, used basically the same password on all of my "important" accounts, with very minor variations. Because of the policies in place, I have been in the habit of changing my password monthly, at the first, and integrating the month itself into the password. This, typically, changes three characters of the password, and allowed me to have a secure password that I had otherwise memorized. So, now the policy has changed again, to where three letters is no longer good enough. Now it has to be five.<br><br>None of this stuff is REALLY that important, is it?<br><br>Worse, I used to be Director of IT for a former employer. I know this stuff. I know there is a better way. I know why my new solution is "bad for the company". Yet, when I WAS in IT, I did everything in my power to make sure that once someone chose a decent password, that it would be the same password on all the systems, and that I wouldn't force people to change it all the time. EVEN THERE, I found passwords taped to near 30 different laptops (with a corporate population of around 100). If I could figure out that people easily give up trying to protect passwords, then why do all the major corporations have these terribly inconvenient policies in place?</div><footer class=post-footer><ul class=post-tags><li><a href=https://blog.vollink.nyc/tags/blog/>blog</a></li><li><a href=https://blog.vollink.nyc/tags/human-nature/>human nature</a></li><li><a href=https://blog.vollink.nyc/tags/it/>it</a></li></ul><nav class=paginav><a class=prev href=https://blog.vollink.nyc/post/2010/06/crazy-morning-getting-better/><span class=title>« Prev</span><br><span>Crazy Morning, Getting Better</span></a>
<a class=next href=https://blog.vollink.nyc/post/2009/03/dev-chair-programming-platform-3.0/><span class=title>Next »</span><br><span>[dev] CHAIR Programming Platform 3.0</span></a></nav><div class=share-buttons><a target=_blank rel="noopener noreferrer" aria-label="share Password Retention Policies on twitter" href="https://twitter.com/intent/tweet/?text=Password%20Retention%20Policies&url=https%3a%2f%2fblog.vollink.nyc%2fpost%2f2009%2f05%2fpassword-retention-policies%2f&hashtags=blog%2chumannature%2cit"><svg viewBox="0 0 512 512"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg></a><a target=_blank rel="noopener noreferrer" aria-label="share Password Retention Policies on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fblog.vollink.nyc%2fpost%2f2009%2f05%2fpassword-retention-policies%2f&title=Password%20Retention%20Policies&summary=Password%20Retention%20Policies&source=https%3a%2f%2fblog.vollink.nyc%2fpost%2f2009%2f05%2fpassword-retention-policies%2f"><svg viewBox="0 0 512 512"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg></a><a target=_blank rel="noopener noreferrer" aria-label="share Password Retention Policies on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fblog.vollink.nyc%2fpost%2f2009%2f05%2fpassword-retention-policies%2f&title=Password%20Retention%20Policies"><svg viewBox="0 0 512 512"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg></a></div></footer></article></main><footer class=footer><span>&copy; 2023 <a href=https://blog.vollink.nyc/>On My Mind...</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
        <a href=https://git.io/hugopapermod rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(t){t.preventDefault();var e=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(e)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(e)}']`).scrollIntoView({behavior:"smooth"}),e==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${e}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script><script>document.querySelectorAll("pre > code").forEach(t=>{const n=t.parentNode.parentNode,e=document.createElement("button");e.classList.add("copy-code"),e.innerHTML="copy";function s(){e.innerHTML="copied!",setTimeout(()=>{e.innerHTML="copy"},2e3)}e.addEventListener("click",o=>{if("clipboard"in navigator){navigator.clipboard.writeText(t.textContent),s();return}const e=document.createRange();e.selectNodeContents(t);const n=window.getSelection();n.removeAllRanges(),n.addRange(e);try{document.execCommand("copy"),s()}catch(e){}n.removeRange(e)}),n.classList.contains("highlight")?n.appendChild(e):n.parentNode.firstChild==n||(t.parentNode.parentNode.parentNode.parentNode.parentNode.nodeName=="TABLE"?t.parentNode.parentNode.parentNode.parentNode.parentNode.appendChild(e):t.parentNode.appendChild(e))})</script></body></html>