( ESNUG 478 Item 10 ) ------------------------------------------- [12/18/08]
Subject: ( ESNUG 477 #4 ) Synopsys SolvNet's insane new password rules
> I cannot be the first one to send this to you. Have you seen SolvNet's
> new password requirements?
>
> Your password must meet the following criteria:
>
> Must be at least 8 characters long
> Must include at least 1 number
> Must include at least 1 symbol character (such as *, %, or #)
> Must include at least 1 lowercase letter
> Must include at least 1 uppercase letter
> Must not include your username, first name, and last name
> These requirements must be met within the first 8 characters
>
> This is insane. These are absolutely ridiculous password rules for
> something simple like SolvNet. Heck, my bank is not as paranoid.
>
> - Christian Mautner
> austriamicrosystems AG Unterpremstaet, Austria
From: Jarrod Brooks <jbq=user domain=cypress not calm>
Hi, John,
I totally agree with Christian. His complaints are nearly identical to the
email I sent back to the Synopsys SolvNet team. They put the blame on their
IT security Nazis, to which I requested that the Customer Service VP trumps
the IT nazis. That request has gone unanswered (surprise, surprise).
- Jarrod Brooks
Cypress Semiconductor Corp. Lexington, KY
---- ---- ---- ---- ---- ---- ----
From: Michael Miller <millerm=user domain=prolificinc not calm>
Hi John,
Having spent time concocting and enforcing password policies more onerous
than SolvNet's, I read Christian Mautner's tale of woe with a strange mix
of sympathy and glee.
My sympathetic (and increasingly forgetful) side suggests, as an alternative
to Post-It notes and license plate passwords, a password program such as
PasswordSafe, which uses public-domain Twofish encryption and is open
source. See http://passwordsafe.sourceforge.net/
- Michael Miller
Prolific, Inc. Newark, CA
---- ---- ---- ---- ---- ---- ----
From: Cliff Cummings <cliffc=user domain=sunburst-design not calm>
Hi, John,
I actually like a more secure password system. I wish my bank and other
important institutions would let me add a special character to a password.
It would make those passwords more secure.
Christian is right that SolvNet does not have to be that secure, but I
don't mind the new requirement.
One good thing that will come from Christian's complaint is that the
password does have to be changed very soon or you will have to re-up at
SolvNet. Unfortunately, I do not immediately read all of the SolvNet
email that I get, but fortunately, one of my students mentioned to the
others in the class that they had to update their SolvNet passwords, or
I might have been late in doing the update myself.
- Cliff Cummings
Sunburst Design, Inc. Beaverton, OR
Index
|
|
