Password Strength – you’re doing it wrong

A confluence has occurred – time to write a post!

password strength explained

Wow.  That’s very observant, and kind of funny (to me anyway).

So, my corporate password was expiring shortly after I read this, so I decided to change my pattern, chose three motivating words, and set the new password.  Then I went to a meeting.  Then I went to another meeting.  That meeting slid right into our Friday afternoon bash, with pizza and beer (though I’m sure that is an irrelevant detail).

After that, I went back to work and for the life of me could not remember the first word.  A co-worker brilliantly pointed out that I can VPN in to the network using my RSA key, and can thereby access the password-reset application without providing a password.  It’s late on a Friday, so I put my laptop in standby and go home.

At home, I do the VPN trick from another computer and reset my password.  Then, I see the flaw in my plan.  The laptop is locked with the old password with a missing first word.  To unlock it with the new password, it must be connected to the office network.  I can connect using VPN, but must unlock it first…

So, I ended up working a couple of days from a krufty old backup laptop using the Outlook Web Interface to mail and without any support tools.

The workaround (for next time) is to install a local administrator account while I have access, then use that account to establish VPN. Our Very Smart IT Guy says that when I then switch users, it will use the active network session to check for access and change the cached password. Note: I don’t actually anticipate there will be a next time.

This came up today:

You're doing it wrong

I like it.

One Response to “Password Strength – you’re doing it wrong”

  1. Elijah says:

    The password thing makes sense. The password to my YouTube account is 24 characters long. =)