The p/w problem

This morning’s Observer column.

Here’s my problem. My password has expired and I need to set a new one. So I think of something and type it in. The system rejects it as being insecure. That’s funny – it’s about the same level of complexity as its expired predecessor. Then I remember – the organisation has recently acquired a new chief information officer and he’s embarked on a root-and-branch overhaul of the system, which presumably includes upgrading security rules.

So I think of a really secure, incomprehensible password and type it in. The system rejects it as laughably inadequate. So I try another and another and another. Same result each time. At this point, I’m getting irritated. Since it’s a Microsoft network, I decide to see what advice Microsoft can give me. I go to the company’s “Safety and Security Center” where’s there’s a helpful page on how to create strong passwords in four easy steps.