I just logged onto my 401K account, in preparation for some big changes that I will be blogging about in the next few days (all good stuff). When I logged onto the site I was told that the log-in process will be changing and I was asked to pick a new user name and password. So far so good, but here comes the hassle. The user name must contain at least 6 characters, at least one of which is a number and one of which is a letter. The password must contain 8 characters, using the same rules.
None of my standard passwords meet all of these criteria, and here you go. Another password I must now remember. Of course the upshot of all of these complicated passwords is less, not more security. For example, my company requires employees to create 8-character complicated passwords that change every three months. As a result, I can never remember my password (or don't trust myself to remember it) and so I wrote down the password and taped it to the wall of my office. Wouldn't it be more secure to let me select a password I could actually remember?
I don't know about you, but I have accounts with about 10 financial institutions (between 401k's, bank accounts, brokerage accounts, IRAs, 529s and so forth). I also have multiple user names and log-ins for other services. With each of them purporting to become more secure and imposing tighter restrictions on password selection, the overall result is less security as I am forced to leave a paper record of log-ins that others can follow.