Better Living Through Insanely Secure Passwords

I recently had to register on a computer system operated by the United States government, and was quite surprised – albeit in a good way, I suppose – by the requirements set forth for a password on this system. My password needed to:

Be no less than nine characters, and no more than 16;
contain no more than two identical consecutive characters;
contain at least two uppercase letters;
contain at least two lowercase letters;
contain at least two digits;
and contain at least two “special” characters (ampersands, octothorpes, etc).

I mean, okay, that’s a pretty stridently secure set of criteria for a password, don’t you think? I’m not sure who came up with that set of guidelines, but they’ve certainly done their part to protect against weak passwords, in my opinion, at any rate.

But, here’s the really funny thing – guess what the computer system this password criteria is for. Go on, take a guess. Heck, guess the system’s security level.

Did you guess something on SIPRnet? Maybe a component of Intellipedia? Something at a SECRET level?

If so, you guessed wrong.

No, what this hyper-secure password is protecting is the USAF’s Freedom of Information portal, a completely unclassified public website which is apparently now the only way to make an online FOIA request to the Air Force, annoyingly enough.

Please try and convince me that isn’t gross overkill.

Oh, and for extra special irony points, please note that the system you’re supposed to access with this password is “protected” by a mismatched SSL certificate.

Yeah, no misplaced priorities or mixed messages here, eh?

Published in: 'D' for 'Dumb', Geekiness, General | on October 7th, 2009| Comments Off on Better Living Through Insanely Secure Passwords

Both comments and pings are currently closed.

Comments are closed.