Strong passwords? Not here.
Aug 4th, 2008 by Micheal
People hopefully know by now that having a strong password is a good thing. But even if you try to have a strong password, the website may not allow you to.
You heard correctly. The website you are visiting may not allow you to have a strong password. I’ll let you pick your jaw off the floor before continuing.
For argument sake, let’s say that a strong password is the following: ([a-zA-Z0-9-#$@]+)
That’s not the world’s best regex, but it works for this. What this does is it matches any lowercase or uppercase letter, number from 0-9, and the special characters “-”, “#”, “$”, and “@.” Now let’s say the max length of your decently strong password is only 7 characters long. So your super-cool password of “this-is-the-s0nG-Th4t-n3v3R-#nD@” would be invalid, not because it contains invalid characters, but because it is too long. Sad, but that’s what happens on a lot of websites.
Example 1:
ERROR: The new password is too long. It can not be longer than 10 characters. Please fill out the form again and resubmit. - Removed for privacy
Example 2:
Minimum length is 6 characters. Enter a unique password containing only letters and numbers. - Sourceforge.net
Normally you’d think people would encourage the use of longer passwords and passwords that contain special characters, like “!@#$%^&*-_+<>.” No wonder people have problems creating stronger passwords, they aren’t allowed to!
Do you have a mechanism to track all of your passwords? Something other than a sticky-note attached to your monitor?
I am curious because as you noted, different web sites have different password rules. Sometimes it can be difficult to remember the password I set up for a specific site.
I happen to like a piece of software called Password Safe. http://passwordsafe.sourceforge.net/. Another one I’ve seen suggested is KeePass http://keepass.info/. Both are opensource. A commercial product that I’ve heard good things about is IronKey. https://www.ironkey.com/. Your mileage may vary of course, but I can only say that I’ve used and like Password Safe (though KeePass is looking tempting).