Password Security Guidelines

For immediate issue:
Password Security Guidelines V2.2b

Due to new security policies, the following guidelines have been issued to assist in choosing new passwords. Please follow them closely.

Passwords must conform to at least 21 of the following attributes.

  1. Minimum length 12 characters.
  2. Not in any dictionary.
  3. No word or phrase bearing any connection to the holder.
  4. Containing no characters in the ASCII character set.
  5. No characters typeable on a Sun type 5 keyboard.
  6. No subset of one character or more must have appeared on Usenet news, rand(3), or the King James bible (version 0.1 alpha)
  7. Must be quantum theoretically secure, i.e. must automatically change if observed (to protect against net sniffing).
  8. Binary representation must not contain any of the sequences 00 01 10 11, commonly known about in hacker circles.
  9. Be provably different from all other passwords on the internet.
  10. Not be representable in any human language or written script.
  11. Color passwords must use a minimum 32 bit palette.
  12. Changed prior to every use.
  13. Resistant to revelation under threat of physical violence.
  14. Contain tissue samples of at least 3 vital organs.
  15. Must contain both upper and lower case characters as well as at least 2 numbers.
  16. Undecodable by virtue of application of 0-way hash function.
  17. Odorless, silent, invisible, tasteless, weightless, shapeless, lacking form and inert.
  18. Contain non-linear random S-boxes (without a backdoor).

Due to the severity of the restrictions, you must change your password every day.

The Password

Many years ago I was acting as the system administrator for a test system in a large publicly held company. Periodically I would receive a call from someone who had not accessed the system recently, forgot their password and locked themselves out trying to logon. I would look up their password and unlock the system for them and they would go on their merry way.

One day I received a call from a young lady who was in just such a predicament. I looked up her password and informed her that it was ‘DOME’ and, just to be playful, told her the price for me being gracious enough to unlock her sign-on was an explanation of the meaning of her password. She became very embarrassed over the phone and pleaded that she could never reveal her secret. I of course replied that I would not give her system access until she did. After negotiating for several minutes she finally acquiesced but made me promise to never reveal her password meaning to any of her colleagues to which I gladly agreed.

“Well, what does it mean?”, I asked.

She hesitated and then replied, “It’s two words.”

There was pregnant pause. I unlocked her system and simply said, “Have a nice day”.

Signs Your Cat has Learned Your Internet Password

  • E-Mail flames from some guy named “Fluffy.”
  • Traces of kitty litter in your keyboard.
  • You find you’ve been subscribed to strange newsgroups like alt.recreational.catnip.
  • Your mouse has teeth marks in it … and a strange aroma of tuna.
  • Hate-mail messages to Apple Computer Corp. about their release of “CyberDog.”
  • Your new ergonomic keyboard has a strange territorial scent to it.
  • You keep finding new software around your house like CatinTax and WarCat II.
  • On IRC you’re known as the IronMouser.
  • Little kitty carpal-tunnel braces near the scratching post.