Quote of the Weak (Special Characters)

While I realize many bloggers do “Quote of the Week,” it was Audit Monkey who gave me the idea. Here’s my very first quote:

Who uses special characters in passwords? Nobody does that.

Want to take a guess at the title of the person who uttered the weak phrase of the week? Payroll clerk? Nope. Administrative assistant? Nope. VP? Nope.

An IT auditor! If you’ve read much of my stuff, you know that I’ve complained before that too many IT auditors don’t get it (or IT for that matter).

We were discussing the company’s password policy requirements, specifically the one that requires 3 of 4 complexity characteristics (upper and lower case letters, numbers, and special characters).

When the auditor uttered the comment noted above, I replied, “I use special characters in all my passwords.” To which said auditor replied (providing a bonus of two weak quotes not only in one week, but in one conversation),

Wow, that’s hard to believe. You must really have something to hide.

I took comfort in the fact that this auditor realized that special characters make a password harder to guess or crack. But inwardly I laughed, as he obviously doesn’t understand why everyone should use strong passwords (for more on this, see What’s the Fuss?).

In my experience, I found that people tend to avoid uppercase characters due to the extra keystroke required (shift key). Some special characters (, . / ) don’t require a shift key, so I’ve found that they are used more. But even when I’m shoulder surfing, I notice a lot of “top row” special characters being used, all of which require a shift key.

See also Throw Password Rules Under the Bus?


Filed under Quote of the Weak, Security
