Overzealous Much?

To go along with my password article, here’s one showing the bad side of passwords. This is a copy of the “password rules” for Intel’s website, which I use for getting access to their licensed compilers. Before 1Password, the rules here were so draconian that I took to writing the password down on a piece of paper (yes, a sysadmin doing exactly what he tells people not to do!). There was no way I could follow their rules and remember a password when I only use it maybe twice a year, especially since they require it be changed every couple of months, so every time I’d use it I’d have to change it! This proves that a password policy can be too “secure”: so much so that it drives security all the way back to the point where you might as well not ask for a password at all, since it no longer holds any meaning (or real security).

Password Rules:

  • The password must be at least eight characters long, and can contain letters, numbers, and punctuation.
  • It must not exceed fourteen (14) characters.
  • It must contain at least one alpha character [a-z; A-Z], one numeric [0-9] and one special character [`! @$%^&*()-_=+[];:'”,<.>/?].
  • It cannot contain spaces.
  • The password cannot be the same as any of your previous eight (8) passwords.
  • It cannot contain your login id.
  • It may not contain any of the following special characters: Asterisk (*) Comma (,) Backslash ( /) Forward Slash (\).

It must not:

  • Be a name (your own, family members, pets, or famous people)
  • Be your social security number, driver’s license number, passport number or some other identification number.
  • Be repeating numbers, letters or characters (111111, aaaaaa, !!!!!!)
  • Be a number or character combinations that are next to each other on the keyboard (123456, asdfgh)
  • Be a dictionary word of any language
  • Begin with an exclamation point (!) or question mark (?)
  • Contain your IDSID or WWID
  • Have the same first three characters.
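
To see what these rules accept and reject in practice, here is an added example (not part of the original post and not Intel's code) that encodes the machine-checkable rules as a validator. The login id `jdoe`, the keyboard rows, the four-key run threshold, and the reading of "same first three characters" as three identical leading characters are assumptions; the name, ID-number, dictionary and password-history rules need external data and are not modelled.

```python
import re

# Transcribed from the quoted policy. Its special-character list includes
# * , and / while a later rule bans them; the ban wins here.
SPECIALS = set("`!@$%^&()-_=+[];:'\".<>?")
BANNED = set("*,/\\")
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")  # assumed
RUN = 4  # assumed: any 4 adjacent keys count as a keyboard combination


def violations(password, login_id):
    """Return the quoted rules that `password` breaks, in policy order."""
    low, v = password.lower(), []
    if len(password) < 8:
        v.append("shorter than 8")
    if len(password) > 14:
        v.append("longer than 14")
    if not re.search(r"[A-Za-z]", password):
        v.append("no alpha character")
    if not re.search(r"[0-9]", password):
        v.append("no numeric character")
    if not any(c in SPECIALS for c in password):
        v.append("no special character")
    if " " in password:
        v.append("contains a space")
    if login_id and login_id.lower() in low:
        v.append("contains login id")
    if any(c in BANNED for c in password):
        v.append("contains banned character")
    if password and len(set(password)) == 1:
        v.append("single repeated character")
    if any(low[i:i + RUN] in row
           for row in KEYBOARD_ROWS for i in range(len(low) - RUN + 1)):
        v.append("keyboard run")
    if password[:1] in ("!", "?"):
        v.append("begins with ! or ?")
    if len(password) >= 3 and len(set(password[:3])) == 1:
        v.append("same first three characters")
    return v


if __name__ == "__main__":
    # Constructed sample passwords; "jdoe" is a made-up login id.
    for pw in ("correct horse battery staple", "Summer2024!", "aaa1234$jdoe*"):
        print(repr(pw), "->", violations(pw, "jdoe") or "accepted")
```

A long, memorable passphrase fails four rules, while a short season-plus-year pattern passes every check that can be automated.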
