Aditya Kothadiya's Blog

Entrepreneurship, programming, design, productivity, books, philosophy and more.

Wrong usage of “Strong Password Policy”

Aditya January 14th


I’m a subscriber of a web service, which provides online manuals or articles for the tools that I use on a daily basis at my workplace. So I need to visit this service once in a while. Today when I tried logging into it after many days, it redirected me to create a new password because my password was not meeting their “Strong Password Policy” requirement.

My first reaction was: why the heck do they need a “Strong Password Policy”? They are just an online help documentation service, not a credit card or bank website. And I have absolutely no personal information stored there.

But anyway, whatever their reasoning was, I convinced myself to change the password. But guess what, their freaking complex “Secure Password Policy” didn’t allow me to create any of the passwords that I thought were secure enough.

Then I had to read their strong password policy. Here is what it said:

Your password must meet the following criteria:

  • Must be at least 8 characters long
  • Must include at least 1 number
  • Must include at least 1 symbol character (non-letter or number, such as *, %, or #)
  • Must include at least 1 lowercase letter
  • Must include at least 1 uppercase letter
  • Must not include your username, first name, and last name
  • These requirements must be met within the first 8 characters
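
As an added illustration (not part of the original post and not the service's own code), this Python check implements the bullets above and runs them over a few constructed passwords. It assumes the last bullet means the four character-class rules are evaluated on the first 8 characters only, and that the name rule is a case-insensitive substring match; the account names and sample passwords are made up.

```python
PREFIX_LEN = 8  # the policy's "first 8 characters" window


def policy_violations(password, username, first_name, last_name):
    """Return the policy rules the password breaks (empty list if accepted)."""
    violations = []
    if len(password) < PREFIX_LEN:
        violations.append("length")
    # Assumption: character-class rules apply to the first 8 characters only.
    prefix = password[:PREFIX_LEN]
    class_rules = {
        "number": str.isdigit,
        "symbol": lambda c: not c.isalnum(),  # "non-letter or number"
        "lowercase": str.islower,
        "uppercase": str.isupper,
    }
    for rule, matches in class_rules.items():
        if not any(matches(c) for c in prefix):
            violations.append(rule)
    # Assumption: names are matched case-insensitively anywhere in the password.
    lowered = password.lower()
    names = (username, first_name, last_name)
    if any(n and n.lower() in lowered for n in names):
        violations.append("contains-name")
    return violations


# Constructed sample account and passwords, for illustration only.
ACCOUNT = ("jdoe", "Jane", "Doe")
SAMPLES = [
    "MyLongPassphrase-With-2024-Digits",  # long, but classes come too late
    "Aa1!aaaa",                           # short and repetitive, yet accepted
    "Jane#2009x",                         # all classes, but contains first name
    "short1!",                            # under 8 characters
]

if __name__ == "__main__":
    for pw in SAMPLES:
        broken = policy_violations(pw, *ACCOUNT)
        print(f"{pw!r:40} {'accepted' if not broken else 'rejected: ' + ', '.join(broken)}")
```

Under this reading, the 33-character passphrase is rejected because its digit and symbol appear after the eighth character, while `Aa1!aaaa` passes every rule.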

After reading this, I almost had to stop myself from smashing my keyboard into the monitor. Do read each bullet carefully, especially the last one. Why on earth does that service need this kind of password policy? Believe it or not, even my credit card and bank websites don’t force me to create this kind of “strong” password.

In my opinion, these are the types of services that absolutely don’t get web usability. Just because someone cracked the code for creating the strongest password doesn’t mean that’s the way to go. On top of this stupid requirement, this service has neither a sophisticated interface for navigating through hundreds of documents nor a smart search engine.

Come on guys, it’s almost the end of the Web 2.0 era. At least now, please throw away those Web 1.0 practices and follow cutting-edge technologies and practices. Please grow up.

Posted in Design,Technology


  1. I agree, let the user decide how valuable they find the information they are trying to protect. If the user is really worried then they will make the password as difficult as possible. In the end it is just another character.

    Troy

    13 Apr 09 at 10:06 pm

  2. Well, the view of the passage is totally correct, your details are really reasonable and you guys give us a valuable, informative post. I totally agree with the standpoint of the comment above. I often surf this forum when I'm free and I find there is so much good information we can learn in this forum!

    nike sb shoes

    31 May 10 at 12:11 am
