The Lemon Fool

I have just received a letter from Computershare telling me about the Octopus Titan change to them as registrars and I thought I would check my account to see if it was all OK. They are however upgrading their password requirements to include special characters (+!?{}()[]....) and they emailed me a temporary password to my registered email address. Just be aware that this took a good several minutes to arrive so dont log on if you are in a hurry.

Titan showed up there a few days ago. Saw it when I logged on for the Foresight merger votes.

They seem to be OK with my password.

I was surprised as I usually have 12 - 16 chars with numbers in most of my 'serious' passwords as was this case. But they want 8 to 20 chars with cases , two numbers and a special (!£$&()....). I guess that yours (UncleE) is the highest spec. I have noticed the use of special characters creeping in from the states these last years. Oddly I have encountered some sites where they cause the logon to fail in some way and cannot be used. I am never sure whether these extra precautions are useful in cyber security , I thought that cyber attacks were done in other ways. (?)

I also found myself having to change my computershare password - so I modified the case of a letter and added a special character.
My personal thoughts on security - I didn't think it was the cleverest piece of security sending me a temporary password by plain text email, after I had logged in with my old password. Why didn't they simply ask me to change my password while I was logged in?
And variable case and special characters are designed to make passwords much less easily remembered - so inevitably they will get written down, and will be significantly less secure. Much the same comment applies to organisations who insist on a regular password change.

Karellan wrote:I was surprised as I usually have 12 - 16 chars with numbers in most of my 'serious' passwords as was this case. But they want 8 to 20 chars with cases , two numbers and a special (!£$&()....). I guess that yours (UncleE) is the highest spec. I have noticed the use of special characters creeping in from the states these last years. Oddly I have encountered some sites where they cause the logon to fail in some way and cannot be used. I am never sure whether these extra precautions are useful in cyber security , I thought that cyber attacks were done in other ways. (?)

If you google the phrase "Correct horse battery staple" you'll find an essay or two on the subject.

If you look for the Milagro project, or the Octopus investee Miracl, you'll find a better solution.

scotia wrote:My personal thoughts on security - I didn't think it was the cleverest piece of security sending me a temporary password by plain text email, after I had logged in with my old password. Why didn't they simply ask me to change my password while I was logged in?
And variable case and special characters are designed to make passwords much less easily remembered - so inevitably they will get written down, and will be significantly less secure. Much the same comment applies to organisations who insist on a regular password change.

Hehe. Saw that when I tried to post the above. You're absolutely right: passwords are a mess.

I wonder if any of this is motivated by the news of Yahoo's billion-accounts data leak? I blogged on that yesterday with thoughts on another piece of "security" that's not fit for purpose: https://bahumbug.wordpress.com/2016/12/ ... le-secret/

Hi

I quick tip my work gave me, include a £ - apparently its not normally included on a Russian keyboard.

Yes lots of password alternatives out there.

Ramage