Skip to content

Passwords and Reviewing

I was asked to review a proposal today.  Right now, I am feeling a little overwhelmed:  I have a new administrative position (“Senior Associate Dean, Education”) which involves, among 1000 other things, using a 25 year old computer program (ahh, ms-dos days!), I have some sports schedules that have to get out, I have a pile of referee reports, I am getting behind on some editorial duties, and I still have aspirations of publishing something myself once in a while.   But I try to be helpful in the review process:  I recognize how important these are for people’s careers.  This was the proposal too far, however:  the title did not seem particularly relevant, and contained words that I am naturally suspicious of.  But it couldn’t hurt to check it out and see if I might have some unique insight that might be useful.

I go to the funding agency’s website, and find that I have to create an account to view the proposal.  No problem:  account creation is one of my skills.  But I was stymied by the password requirement:

The password must follow these rules:

  • Must be at least 10 characters long
  • Must contain at least two capital letters
  • Must contain at least two lowercase letters
  • Must contain at least two numbers
  • Must contain at least two special characters: ~!@#$%^&*()_-+={[}]|:;>,<.?

Ummmm….. let’s see.  I certainly can type in some nonsense that I can’t possibly remember, hoping that the reset simply goes to my email account (which has a pretty good password, but not one that meets those requirements).  Or I can … “Thanks, but my schedule precludes my taking on more at this time.”  Really… my reviewing of a funding proposal requires this amount of nonsense in a password?

xkcd, as it often does, got it right (I believe the 2^44 comes from choosing 4 of the 2000 or so most common words):

{ 2 } Comments

  1. Paul Rubin | August 18, 2011 at 4:53 pm | Permalink

    Think in terms of memorable phrases, as in:

    Are you m0r0ns SERIOUS??

    Seems to meet all criteria.

  2. Greg Glockner | August 18, 2011 at 5:02 pm | Permalink

    This is exactly why everyone should be using a password database system. I’ve been meaning to blog about this sometime. (Though this has very little to do with OR though).