This week I have been replacing old passwords on various websites. There were quite a few that I had not touched for over a year. So here are a few comments about crappy websites and the joy of resetting passwords.
In the IT business it has long been considered best practice to change passwords frequently. One IT company that I worked for required all passwords to be changed at least once every 90 days. I find that excessive but once a year is probably good as a rule of thumb. Current guidance (NIST SP 800-63B, for example) goes further and drops mandatory periodic rotation altogether: change a password when there is reason to think it has leaked, because forced rotation mostly produces predictable variations of the old one. Either way, you will need the change-password function now and then.
I am convinced of at least two things:
(1) website designers have rarely if ever changed their passwords and don't understand why anyone would do it, unless they'd forgotten a password and needed a reset.
(2) password change/reset code is the least tested part of any website.
On the best websites there is a clearly visible link or button for changing your password. On worse websites this function is hidden in a dark corner. After searching for 5 minutes, I resort to the "forgot password" option. On shitty websites there is no other option.
Usually the "reset password" or "forgot password" function succeeds in sending an email to the address you used when signing up. Sometimes it takes a few minutes. Sometimes it takes a few hours. In rare cases the email never arrives. Done properly, the link in that email is the entire security of the account for a few minutes, so it should be single-use and expire quickly, and the form that sends it should respond the same way whether or not the address is registered; otherwise the reset page doubles as a tool for finding out who has an account.
Once you are presented with a field (or two) in which to enter your new password, you have to decide what kind of password to enter. The best websites inform the user up front about their (usually too complex) password rules. The worst websites let you guess them.
How long should the password be? The longer the password (the more characters), the harder it is to crack: every extra character multiplies the number of guesses an attacker has to make by the size of the alphabet. What cheap GPU hardware actually cracks in a few days are short passwords, dictionary words with a digit or two on the end, and anything stored with a fast unsalted hash; a randomly generated 16-character password drawn from the full printable set has about 105 bits of entropy and is out of brute-force reach at any realistic guess rate. So 16 characters is a sensible minimum, provided the characters are random rather than a word you chose.
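To put numbers on the length argument, here is an added example (mine, not code from the original post) that computes the entropy of a random password for a given length and alphabet and the expected brute-force time at two assumed guess rates. The rates, 10^12 guesses per second for a fast unsalted hash on a GPU rig and 10^5 for a slow hash such as bcrypt at a high cost factor, are illustrative round numbers I have assumed, not measurements, and the alphabet sizes are the usual ones for the listed character sets.

```python
import math

# Assumed alphabet sizes for common composition choices.
ALPHABETS = {
    "digits only": 10,
    "lowercase letters": 26,
    "letters and digits": 62,
    "all printable ASCII": 95,
}

# Assumed guess rates (guesses per second) for an offline attack on a stolen
# hash database. Illustrative round numbers, not measurements: a fast unsalted
# hash on a GPU rig versus a deliberately slow hash such as bcrypt at a high cost.
GUESS_RATES = {
    "fast hash, GPU rig": 1e12,
    "bcrypt, high cost": 1e5,
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a uniformly random password of `length` symbols.

    Only valid for randomly generated passwords; a dictionary word with a
    digit on the end has far fewer bits than its length suggests.
    """
    return length * math.log2(alphabet_size)


def expected_crack_years(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Expected years to brute-force a random password (half the keyspace on average)."""
    keyspace = alphabet_size ** length
    return keyspace / 2 / guesses_per_second / SECONDS_PER_YEAR


def min_length_for_bits(target_bits: float, alphabet_size: int) -> int:
    """Smallest length giving at least `target_bits` of entropy from this alphabet."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def crack_table(lengths=(8, 12, 16, 20)):
    """Rows of (alphabet, length, bits, {rate name: years}) for a quick comparison."""
    rows = []
    for name, size in ALPHABETS.items():
        for n in lengths:
            years = {rate: expected_crack_years(n, size, gps) for rate, gps in GUESS_RATES.items()}
            rows.append((name, n, entropy_bits(n, size), years))
    return rows


if __name__ == "__main__":
    for name, n, bits, years in crack_table():
        line = f"{name:20s} len={n:2d} {bits:6.1f} bits"
        for rate, y in years.items():
            line += f"  {rate}: {y:10.3g} y"
        print(line)
    print("letters+digits need", min_length_for_bits(80, 62), "chars for 80 bits")
```

The table makes two things visible at once: an 8-character lowercase password falls in a fraction of a second against a fast hash regardless of how slow the attacker's hardware is, while 16 random printable characters take longer than the age of the universe even at the GPU rate. The slow-hash column shows why the site's choice of hashing algorithm matters as much as your choice of length.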
The difficulty with long passwords is that typing them is error-prone. Use a password manager: it generates random passwords for you and you can copy/paste them. If you don't have a password manager, a text file or spreadsheet will do at a pinch, but you should protect it with a password (easily done in Excel, for example). Make sure it is the "encrypt with password" option that you use, not sheet or workbook protection, which only stops editing and is trivially removed.
Unfortunately there are still a lot of websites out there with a maximum password length of 20, 16 or even 12 characters. A cap that low is hard to justify: a properly hashed password produces a fixed-size hash however long the input, so the only reason for a limit at all is to stop someone submitting megabytes to the hashing routine, and a few hundred characters does that. (A cap of exactly 72 usually means bcrypt underneath, which ignores everything after the 72nd byte.) The best websites allow 64 characters or more, and good websites tell you up front what their limit is. The bad websites let the user guess.
Then you have to decide whether to use "special characters", such as punctuation symbols. Some websites insist on them, a few don't accept them, some don't care. The best websites (e.g. eBay) tell you exactly the set of "special characters" you can use. The bad sites don't.
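Here, as an added example that is not from the original post or any real site's code, is what "telling the user the rules up front" looks like in code: a hypothetical PasswordPolicy that can print its own rules for display next to the new-password field and that reports every rule a candidate password breaks, rather than a bare "invalid password". The 72-byte limit models a real constraint, bcrypt only hashing the first 72 bytes of its input, which is why a site using it must count bytes and not characters; the two sample policies and the passwords checked in the demo are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional
import string


@dataclass(frozen=True)
class PasswordPolicy:
    """A password policy that can describe itself to the user before they type.

    Hypothetical example class. `allowed_specials=None` means every printable
    character is accepted (what current guidance recommends); a string models
    sites that publish a fixed set of permitted special characters.
    """
    min_length: int = 16
    max_length: int = 64
    allowed_specials: Optional[str] = None
    require_special: bool = False
    # bcrypt uses only the first 72 bytes of its input, so a site hashing with
    # bcrypt must count bytes, not characters: 40 two-byte characters exceed it.
    max_bytes: Optional[int] = 72

    def describe(self) -> str:
        """Human-readable rules, to be shown before the user picks a password."""
        parts = [f"{self.min_length} to {self.max_length} characters"]
        if self.allowed_specials is None:
            parts.append("any printable character is allowed")
        else:
            parts.append(f"allowed special characters: {self.allowed_specials}")
        if self.require_special:
            parts.append("at least one special character is required")
        if self.max_bytes is not None:
            parts.append(f"at most {self.max_bytes} bytes when UTF-8 encoded")
        return "; ".join(parts)

    def check(self, password: str) -> List[str]:
        """Return every rule the candidate violates; an empty list means accepted."""
        errors: List[str] = []
        n = len(password)
        if n < self.min_length:
            errors.append(f"too short: {n} characters, minimum is {self.min_length}")
        if n > self.max_length:
            errors.append(f"too long: {n} characters, maximum is {self.max_length}")
        if self.max_bytes is not None:
            nbytes = len(password.encode("utf-8"))
            if nbytes > self.max_bytes:
                errors.append(f"too long: {nbytes} bytes, maximum is {self.max_bytes} bytes")
        if self.allowed_specials is not None:
            allowed = set(string.ascii_letters + string.digits + self.allowed_specials)
            bad = sorted(set(password) - allowed)
            if bad:
                errors.append("disallowed characters: " + "".join(bad))
        if self.require_special:
            specials = self.allowed_specials if self.allowed_specials is not None else string.punctuation
            if not any(c in specials for c in password):
                errors.append("no special character present")
        return errors


# Constructed sample policies: one that publishes a fixed special-character set
# and insists on using it, one that accepts anything printable but hashes with bcrypt.
RESTRICTIVE = PasswordPolicy(min_length=16, max_length=64, allowed_specials="!@#$%^&*", require_special=True)
PERMISSIVE = PasswordPolicy(min_length=16, max_length=64, allowed_specials=None, require_special=False)


if __name__ == "__main__":
    for name, policy in (("restrictive", RESTRICTIVE), ("permissive", PERMISSIVE)):
        print(f"{name}: {policy.describe()}")
        for candidate in ("short!", "correct-horse-battery-staple", "Abcdefghijklmnopq!", "ü" * 40):
            print(f"  {candidate!r}: {policy.check(candidate) or 'accepted'}")
```

Note that the same 28-character passphrase passes the permissive policy and fails the restrictive one twice over (a hyphen outside the published set, and therefore no "special" character at all), while a 40-character password of two-byte characters is within the character limit but over the byte limit. Both are exactly the cases a user cannot diagnose from "invalid password", which is why the policy should print its rules rather than let people guess.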