Skip to content

Passwords and Reviewing

I was asked to review a proposal today.  Right now, I am feeling a little overwhelmed:  I have a new administrative position (“Senior Associate Dean, Education”) which involves, among 1000 other things, using a 25 year old computer program (ahh, ms-dos days!), I have some sports schedules that have to get out, I have a pile of referee reports, I am getting behind on some editorial duties, and I still have aspirations of publishing something myself once in a while.   But I try to be helpful in the review process:  I recognize how important these are for people’s careers.  This was the proposal too far, however:  the title did not seem particularly relevant, and contained words that I am naturally suspicious of.  But it couldn’t hurt to check it out and see if I might have some unique insight that might be useful.

I go to the funding agency’s website, and find that I have to create an account to view the proposal.  No problem:  account creation is one of my skills.  But I was stymied by the password requirement:

The password must follow these rules:

  • Must be at least 10 characters long
  • Must contain at least two capital letters
  • Must contain at least two lowercase letters
  • Must contain at least two numbers
  • Must contain at least two special characters: ~!@#$%^&*()_-+={[}]|:;>,<.?

Ummmm….. let’s see.  I certainly can type in some nonsense that I can’t possibly remember, hoping that the reset simply goes to my email account (which has a pretty good password, but not one that meets those requirements).  Or I can … “Thanks, but my schedule precludes my taking on more at this time.”  Really… my reviewing of a funding proposal requires this amount of nonsense in a password?

xkcd, as it often does, got it right (I believe the 2^44 comes from choosing 4 of the 2000 or so most common words):

{ 2 } Comments

  1. Paul Rubin | August 18, 2011 at 4:53 pm | Permalink

    Think in terms of memorable phrases, as in:

    Are you m0r0ns SERIOUS??

    Seems to meet all criteria.

  2. Greg Glockner | August 18, 2011 at 5:02 pm | Permalink

    This is exactly why everyone should be using a password database system. I’ve been meaning to blog about this sometime. (Though this has very little to do with OR though).

Share Your Views!

Your email is never published nor shared. Please do not enter non-operations research websites: just leave blank if not OR. COMMENTS WITH NON-OR WEBSITES WILL BE MARKED AS SPAM AND DELETED! Required fields are marked *