One capital letter. One embedded number. No more than two consecutive letters. No symbols outside of underscore, dash, or period. Expires every 2 months. Forget your password? Create a security question.
Sound familiar? No, it’s not a word search for people with Tourette’s. These are the most common guidelines for online password creation, used for everything from email and social media to merchant accounts and even pornography. If you follow the recommended guidelines for creating a “secure” internet password, your end result looks something akin to HTML’s retarded brother. And it’s the dumbest fucking set of internet rules this side of an online D&D forum.
The idea behind such a restrictive protocol is, of course, to make it harder for people to guess your password and take over your account. What the people who designed and pushed these bullshit rules don’t understand is that if someone wanted to get into your inbox or bank account, chances are they won’t need to sit at their desk for hours and guess what random string of meaningless letters you put together to protect your Amazon account. Sure, it may deter the casual asshole buddy of yours from changing your sexual preference on Facebook, but that isn’t truly much of a nuisance. If someone wanted into your bank account numbers bad enough, chances are they can get them with this odd little thing called hacking. And hacking, by most definitions, doesn’t involve sitting there with your thumb up your ass taking random guesses at someone’s password.
My debit card got compromised a few months ago. Someone used the numbers and tried to buy a bunch of dumb crap with it. And they did it without hacking into my bank account page. The long, winding mix of Korean slang characters and Carly Simon lyrics I chose for my “strong password” didn’t do a God damn thing to stop my debit card numbers from getting stolen; I was forced to abide by draconian password restrictions for no good fucking reason. If it isn’t even an effective deterrent, why subject your clients to this shit?
Ever have your social media account phished? I have. Many of us have. The phisher doesn’t waste his time guessing how you spelled your dog’s name with numbers; they trick you into giving it to them yourself. Don’t know how to actually hack? There are tools out there easy enough to find and download that can turn any 40-year-old virgin into a “script kiddie” and your bullshit string of letter vomit ain’t gonna stop them.
According to the “security experts” at Scientific American: “If you want to be absolutely secure, you should make up a different password for every single Web site you visit. Each password should have at least 16 characters, and it should contain a scramble of letters, numbers, and punctuation; it should contain no recognizable words. You should change all of these passwords every couple of weeks. And you should not write any of them down anywhere.”
Sound like a ton of hassle just to secure your Ron White fan page? IT IS. Tips like this are engineered to make dumbass old people feel secure when they use this newfangled black magic known as the internet. People who don’t understand technology, of which there are many more than you think, fear it. And any absurd, long-winded approach to make their Reddit account feel safer is welcomed with open arms regardless of how stupid it is in practice. Who the fuck comes up with these guidelines? Why can’t you write them down? Are you afraid that ninjas are going to break into your room, subdue your family, and ransack your dresser drawers to find your YouTube passwords so they can post videos of them bombing a US Embassy under your account so you take the fall for it? Holy shit that would kick so much ass.
My car insurance website follows these protocols. You need a crazy Pig Latin password AND a PIN. Oh no, don’t hack my car insurance account and pay my bill for me, whatever you do! My work is guilty of this practice too. We have three different systems and each requires a password different from the other two. Within one of these systems there are three subsystems that also require their own passwords that cannot match the password for the main system that hosts it. The passwords MUST contain a capital letter and an embedded digit. It cannot be the same password as your previous four passwords. Also, each of them expires. Only they expire at different rates. One expires every three months, one every four, et cetera. So after your first few months of employment at this shitbag company, you have your passwords so fucktard backward that you spend twenty minutes resetting them at the start of your day just so you can log in and get to work. Who the fuck designed this system? Do they have any rudimentary grasp on the real world? Have they any fucking clue that if someone really really wanted to hack their systems (which no one ever would, ever), they could fucking Google search a program or algorithm that will do it for them in minutes? Never mind the fact that even though this technology is easy to get a hold of, no one ever does anything with it. There isn’t some international cabal of hackers that confound people’s Facebooks, follow complete strangers on Twitter, delete their Pandora preferences, and skim their email accounts for porn. The truth of the matter is no one gives enough of a fuck to attack you or your precious New York Times comment account. So take the absURd_Pa55w0rds that everyone demands you have, shove it as far up your ass as possible, and let me make my password whatever the fuck I want it to be. If you are too much of an ignorant shitbag to understand how the internet works, don’t fucking use it.
But the bottom line that I cannot stress enough is this: get rid of these silly password requirements that do more to piss people off than they do to stop hackers. They don’t work and don’t matter.