Stupid password policy on forums
October 14, 2009 1 Comment
It happens here and there that I want to register somewhere and I just give up after I find out their password policy. Thing is, I use generally 8 characters long password that are not easy to guess. I used much simpler passwords for web sites, but I reconsidered later. But on IBM’s dev-site (I don’t even want to search for URL :-)) I had to include number and omit some punctuation mark or even include some other. When something forces me to use number… OK, but why the hell they then tell me not to use different character? So it’s demanding and limiting at the same time. And no, I don’t use characters beyond 7bit ASCII as it is not usable in many cases.
Whatever… said I and I simply didn’t register on that site. It was too… IBMish anyway. 😉 I could find most of the downloads I needed elsewhere or – on one occasion – a friend of mine with existing account downloaded it for me. Where I didn’t give up yet I was more than disappointed with their policy it was community site for JBoss Seam. When you register or reset password there you have to enter 10 characters which is NOT indicated anywhere. When you enter password like “AtIny,yg.” (without quotes) it will tell you that your password is easy! It doesn’t tell you that the password is short. I reported this on their forums more than a year ago. Also if you’re lucky, the CAPTCHA you get to solve is pretty uneasy. On any site CAPTCHA could be easier if it states if casing is important, if there may be numbers, etc. When you see 5 random characters often in many font shapes it is pretty unclear if something is lowercase “g” or 9 (because there is no baseline in many cases).
But to stay on passwords and keep this article short. I have now very primitive password on JBoss Seam, yet when I return there once in a year I mostly have to reset it. Today I hoped they reconsidered – but no. My complex password was easy. But “0123456789” is cool. Congratulations. As a final rant towards the page: They use their own Seam based forums, but there is no clear way how to search for two words so that results always contain both of them. Searching for “gwt upload” was pretty much the same like searching for “gwt” only. But maybe… maybe I’ll get at least direct answer for my question, which would mean that dealing with stupid password policies may be worth from time to time.