“I have an inappropriate password.” The user telling me this, was stunned that anyone would notice.
An inappropriate password would be something like
- password
- qwerty
- 123456
But this particular Law Enforcement Agency (LEA) took it once step further. Swear words were considered inappropriate as well.
So a password like “LazyTrucker” would earn you a call from the LEA IT group.
(as an aside, someone should update the Monty Python song, “I Bet You They Won’t Play This Song On The Radio”, can’t use naughty words for passwords either.)
The tool the IT group were using was L0phtCrack.
Now I don’t know what the LEA IT group were trying to achieve, apart from giving me something to write about.
The irony of it all, was that they had the technology to prevent inappropriate passwords, and it is called Strong Password Functionally, and was available since Windows NT4 Service Pack 2.
Innapropriate password? I am guessing it was one the user would not ever forget..which makes it use-able for them!
True. The downside is that on occasion we do ask users what their password is, and “Hotandbothered1″ makes for interesting times.