Archive for January, 2008

Stupid Password, Stupid Sign-in


I was going to write a longer article about stupid password requirements and other sign-in annoyances, but Jared Spool beat me to it.

Instead here’s a contribution from ourHer Majesty’s Government:


I had to shrink the picture to fit. So in case you can’t read it, it says my password must be memorable and:

  • be between 8 and 12 characters
  • contain a combination of letters and numbers
  • contain two or more numbers which are separated by one or more letters
  • not contain spaces or the word ‘password’
  • not contain three adjacent letters or numbers the same (eg ‘aaa’ or ‘999’)

They commit mistake number 10. Too many requirements on the form of the password.

So, let’s pick a password. Naturally my first choice is “bob”. Typically I try and the use same password on all these stupid websites where I have to create an account; that way I have a hope of remembering what it is.

bob is too short, how about bobandbob? Oh no, must have numbers is as well.

bob777bob? Oh hold on, there’s a little logic exercise to solve: 2 or more numbers (check) which are separated by one or more letters. Oh no, 7 and 7 are separated by 7. Hmm. This is tricky. Maybe they should just suggest an example password and I’ll use that. The wording of this requirement is precise but confusing (it’s almost as if they translated the Java code into English). “Must have numbers with letters in between the numbers” would have been a clearer way to say it.

Aha, what about 7boooob7? Oh, damnit! 7bobbob7 it is then. Good job I wrote this blog post so I can refer to it when I want my password again.

At least they didn’t commit mistake number 9 and hide all these complex requirements. Unlike Livejournal, which only reveals that your password must contain a number when you reset it via e-mail. If they told me my password had to contain a number when I got it wrong, that would give me a clue as to what it is.

This sin committed by a lot of these websites that require an account is pride. They think they’re important enough for me to care about their website. So that I might actually forgive the annoying user interface and arbitrary requirements. Whereas the reality is that it’s just another tedious annoying hoop to be jumped through just to get on with whatever it was I was trying to do (get a new driving licence because I have moved house, in my case).

Microsoft don’t use VSS?


Whaddya know. IE8’s source code is managed using Perforce (click on my first link and scroll down past the smiley face to the change log). Yay for agile tools! I wonder why they don’t use VSS? No. I really don’t. Will perforce save them from the tar pit of doom? Bwahahahaha!

Dealing dog death


Let’s put CPR and How To Kill A Dog on the national curriculum. There’s some good hints in the back of Richard’s Bicycle Book.