The other day I had my third encounter with the most annoying password changing requirements I've ever seen. The company (ADP) that we outsource our online Payroll accounting work to requires that I change my password now and then.
That's reasonable, but the sheer complexity and anal retentive nature of their system could drive one to drink. Heavily.
Click for the full image that contains even more rules!
Let me summarize the rules, as I now understand them.
- contain a number
- contain an uppercase letter
- contain a lowercase letter
- be at least 8 characters in length
- be fewer than 15 characters in length
- contain a "special" character
- not be recycled (though this is not explicitly listed, it's true)
- not contain more than 3 repeating characters ("zzz", "aaa", etc.)
- not contain more than 3 incremented or decremented numeric strings ("123", "876", etc.)
- not contains more than 3 incremented or decremented alphabetic strings ("abc", "zyx", "mno", etc.)
Got all that?
Last time I changed passwords, it took seven tries to come up with something that satisfied all their requirements.
Sheesh. My online banking and brokerage accounts aren't half this difficult.
I really wonder why they don't offer to generate a new password for me. With all those rules, it's unlikely that I'll be able to create a memorable one anyway--at least without more mental effort than it's worth.
What's the worst set of password requirements you've seen?
Posted by jzawodn at February 15, 2006 12:43 PM