Home > Contemplations > Are Some Sites’ Passwords Requirements Getting Too Ridiculous?

Are Some Sites’ Passwords Requirements Getting Too Ridiculous?


Password Entry via Microsoft Office MP900390550

I have recently decided that I would like to further my education and increase my value to any employer. As such, I have been looking at continuing education programs from some Ontario Colleges* and in order to apply to any college you have to go through the centralized ontariocolleges.ca a site which you can use to to apply to all of Ontario’s colleges and makes the whole process streamlined.

*Side note for American readers: In Canada people who go for their B.A. go to university and a college is a place for further education after high school and a training institution that awards trade qualifications. Info via Wikipedia entry ‘College’

While signing up for an account on the site I was confronted with this as the password requirements:

OntarioColleges.CA password requirments

  • Minimum 8 Characters
  • Uppercase Letters
  • Lowercase Letters
  • Numbers
  • Symbols (e.g. @, #, $)
  • Passwords as entered match each other (you have to enter it twice to confirm)

As I sat there making up a password I thought to myself “Isn’t this a little bit ridiculous already? I mean I get it that a lot of private and personal information is going in to these accounts but quite frankly my bank has less requirements for how I make my password to get into my online account than this website does. I mean, there is a point of diminishing returns for passwords where we are more and more likely to forget them because they have become so complex that we have to write them down somewhere and then what was the point of these long intricate passwords?

I get it that brute force hacking means that the hacking computer is more likely to get the password the more complex it is and complexity is arrived at by adding more characters which makes it exponentially harder to guess the password but the addition of the extra characters into the mix just makes it all the harder for us as humans to remember the password. Beyond that, I promise that a large number of us, me included, end up just telling our computers to remember the passwords for us. If we don’t do that, we write down these insanely complex passwords and if someone is really that dedicated to getting my password don’t you think they’re likely to just try and break into our houses where we’ve written these bewilderingly difficult and complex passwords down because there’s no way we are ever remembering them?

I am fine with setting up a 15 character password. I can do that and remember it with certain mnemonic devices – maybe I’ll teach you my favorite one in a later post – but for me the capitalization aspect is what kills me. At the very least sites that require such intricately constructed passwords could give us all a hint, specifically listing the password requirements below the entry dialogue, and then I won’t be so likely to hit the “Forgot Password” button on a regular basis whenever I visit the site. The funny thing is, I find the sites that require these specifically formatted passwords are always the ones I barely ever use and am more likely to hit the “Forgot Password” button whenever I visit.

Maybe it is time we move to fingerprint or retina scanning on our computers? Maybe Google/Android can share their facial recognition technology with all of these sites so they can make all of our lives way easier…everyone has a webcam nowadays anyway, right? What do you think?

Password image via Microsoft Office.

About these ads
  1. January 11, 2012 at 5:15 pm

    Dan,

    Could be worse.

    For Real Estate Lawyers to have access to the Online Land Registry System, we not only have to use specific software; use a USB Drive (or Floppy Disk, yes I’ve seen that done) that contains our personal profile; but we also login with a password that is at least 8 characters long, contains Uppercase and Lowercase letters and includes numbers. Oh, and BTW, the password has to be changed every couple of months. That said, Real Estate Fraud is a huge problem and the Online Land Registry System needs really high security, so I get it. But that seems a little much for Ontariocolleges.ca

    Raymond AKA The Funky Barrister

    • January 11, 2012 at 5:22 pm

      Very true that does sound quite annoying. You should see if someone wrote a program to overlay onto your personal profile on your USB stick which has the password (changeable) embedded.

      At the same time as a real estate lawyer I’d assume you’re accessing the database pretty frequently so the password probably becomes memorized, no matter how complicated, fairly quickly. Conversely, how many times do you think someone is going to be logging into the Ontario College site? 10? 15 at the absolute outside I’d think.

  2. danah
    January 11, 2012 at 5:39 pm

    Are you going back full time? I take con. ed. courses all the time and I didn’t have to go through the Ontario Colleges application to do so.

    I agree though the password thing get ridiculous. My work one makes me insane every 3 months i have to change it and i cannot make a minor change because they change the requires for the password all the time too. Then there is the various websites with different requirements and crazy standards. I love that they want characters as well now. BS i tell you.

    • January 12, 2012 at 2:49 pm

      Yes, I am going to go back full time. I didn’t see any other way to apply for it other than go through the OCA.

  3. Roberto
    March 5, 2012 at 3:51 pm

    I am not convinced that facial recognition can be a secure alternative. What prevents malicious people from using photos obtained from public
    sources like Facebook? (Or doing some kind of relay attack?)

    • March 5, 2012 at 3:55 pm

      Fair enough Roberto. I should have mentioned in the post – but I didn’t – that the facial recognition technology available for consumers has been shown to be not quite there yet in terms of being high security.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: