The Absurdity of Corporate Password Security Policies

Moneybox
A blog about business and economics.
Aug. 5 2013 12:33 PM

The Absurdity of Corporate Password Security Policies

My password to the Washington Post Company's intranet recently expired, so I was prompted to come up with a new one. As I usually do, I had the handly app 1Password generate a random 10-character alphanumerical string—fPCxHn6Z2G.

That got rejected as insufficiently secure. You see, it didn't use any special symbols! And everyone knows special symbols are the key to password security. So I tried M@tthewYg1esias instead. That worked. After all, it's got upper and lowercase letters, a number, and a symbol. No hacker could ever crack that kind of security. Now fortunately it was easy enough to have 1Password churn out a string that was both actually secure and that fit the corporate policy. But it's a potent sign of how dumb we continue to be about passwords. What's even stranger in this case is that the company's official training materials about password security are actually quite good, and it shows that on some level the firm clearly has a strong grasp of information security procedures. It's just not in any way aligned with the actual way the company operates.

Matthew Yglesias is the executive editor of Vox and author of The Rent Is Too Damn High.

TODAY IN SLATE

The World

The Budget Disaster that Sabotaged the WHO’s Response to Ebola

How Movies Like Contagion and Outbreak Distort Our Response to Real Epidemics

PowerPoint Is the Worst, and Now It’s the Latest Way to Hack Into Your Computer

Everything You Should Know About Today’s Eclipse

An Unscientific Ranking of Really, Really Old German Beers

Education

Welcome to 13th Grade!

Some high schools are offering a fifth year. That’s a great idea.

Culturebox

The Actual World

“Mount Thoreau” and the naming of things in the wilderness.

Want Kids to Delay Sex? Let Planned Parenthood Teach Them Sex Ed.

The Shooting Tragedies That Forged Canada’s Gun Politics

  News & Politics
Politics
Oct. 22 2014 9:42 PM Landslide Landrieu Can the Louisiana Democrat use the powers of incumbency to save herself one more time?
  Business
Continuously Operating
Oct. 22 2014 2:38 PM Crack Open an Old One A highly unscientific evaluation of Germany’s oldest breweries.
  Life
Lexicon Valley
Oct. 23 2014 10:30 AM Which Came First, the Word Chicken or the Word Egg?
  Double X
The XX Factor
Oct. 23 2014 8:51 AM The Male-Dominated Culture of Business in Tech Is Not Great for Women
  Slate Plus
Tv Club
Oct. 22 2014 5:27 PM The Slate Walking Dead Podcast A spoiler-filled discussion of Episodes 1 and 2.
  Arts
Behold
Oct. 23 2014 11:08 AM Seeing the Familiar in Black and White
  Technology
Future Tense
Oct. 22 2014 5:33 PM One More Reason Not to Use PowerPoint: It’s The Gateway for a Serious Windows Vulnerability
  Health & Science
Bad Astronomy
Oct. 23 2014 7:30 AM Our Solar System and Galaxy … Seen by an Astronaut
  Sports
Sports Nut
Oct. 20 2014 5:09 PM Keepaway, on Three. Ready—Break! On his record-breaking touchdown pass, Peyton Manning couldn’t even leave the celebration to chance.