I have been getting exasperated with a non-work website which has been asking me frequently (more often than once a month) to change my password. The most likely consequence of being asked to do this is to reduce security by writing down the password. (This does seem to be a bug, though, as the site owners claim it is only necessary to reset the password once every three months.)
More entertainingly, on taking over a new piece of kit I had to set a Bitlocker password. The validity rules were:
- 9 letters long
- Consonants and vowels as follows: CVCCVCCVC
- No repeated letters
The person equipping me had some suggestions about combinations of words that would satisfy the requirement, but I thought up one of my own, feeling rather like a Countdown contestant juggling vowels and consonants. On getting home, I wrote a short program to extract all single-word valid Bitlocker passwords from my online dictionary; there are 14 of them. As well as some common, easy to remember ones such as ‘fisherman’, ‘gunpowder’, ‘lethargic’, ‘nostalgic’ and ‘wonderful’, there was one word I didn’t know: mockernut. Of course, none of these should be used as an actual Bitlocker password as they must be among the first things hackers will try.