Consider the sequence of communications below between a user and a server during
ID: 3753947 • Letter: C
Question
Consider the sequence of communications below between a user and a server during password set-up phase. What exactly is the reason as to why the user is frustrated? In other words, what should a good security administrator do to prevent such problems (which happens a lot in practice)?
SERVER: Please enter your new password.
USER: cabbage
SERVER: Sorry, the password must be more than 8 characters.
USER: boiled cabbage
SERVER: Sorry, the password must contain 1 numerical character.
USER: 1 boiled cabbage
SERVER: Sorry, the password cannot have blank spaces.
USER: 50bloodyboiledcabbages
SERVER: Sorry, the password must contain at least one uppercase character.
USER: 50BLOODYboiledcabbages
SERVER: Sorry, the password cannot use more than one uppercase character consecutively.
USER: 50BloodyBoiledCabbagesYouStupidIdiotGiveMeAccessNow!
SERVER: Sorry, the password cannot contain punctuation.
USER: IWillHuntYouDown50BloodyBoiledCabbagesYouStupidIdiotGiveMeAccessNow
SERVER: Sorry, that password is too long.
…
Explanation / Answer
This situation happens many times because the user is not aware of the password policy of the server / organization.
To avoid this, the administrator should give hints to the user, for example:
- On the password reset page or console we can print the policy.
In the above example the hint for the user should be:
- Password should be a minimum of 9 characters
- At least one number
- At least one upper case letter (no consecutive upper case letters)
- At least one lower case letter
- Password can be a maximum of 50 characters
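As an added illustration (not part of the original question or answer), the set-up page can drive both the printed hint and the check from one rule table, so the user sees every requirement before typing and gets all violations in one reply instead of one rejection at a time. The 50-character maximum is the figure from the answer above (assumed, since the server only says "too long"); the other rules come from the transcript.

```python
import re

# Policy limits: "more than 8 characters" from the transcript, and the
# 50-character maximum stated in the answer (an assumption about this server).
MIN_LENGTH = 9
MAX_LENGTH = 50

# Each rule is (text shown to the user, predicate that is True when satisfied).
# One table feeds both the printed policy and the validator, so the hint can
# never drift from what the server actually enforces.
RULES = [
    (f"at least {MIN_LENGTH} characters", lambda p: len(p) >= MIN_LENGTH),
    (f"at most {MAX_LENGTH} characters", lambda p: len(p) <= MAX_LENGTH),
    ("at least one number", lambda p: any(c.isdigit() for c in p)),
    ("at least one uppercase letter", lambda p: any(c.isupper() for c in p)),
    ("no two uppercase letters in a row", lambda p: re.search(r"[A-Z]{2}", p) is None),
    ("at least one lowercase letter", lambda p: any(c.islower() for c in p)),
    ("no blank spaces", lambda p: " " not in p),
    ("no punctuation (letters and digits only)",
     lambda p: all(c.isalnum() or c.isspace() for c in p)),
]


def policy_text() -> str:
    """Hint to print on the set-up page before the user types anything."""
    return "Your password needs:\n" + "\n".join(f"- {desc}" for desc, _ in RULES)


def violations(password: str) -> list[str]:
    """Every rule the password breaks, reported together (empty list = accepted)."""
    return [desc for desc, ok in RULES if not ok(password)]


if __name__ == "__main__":
    print(policy_text())
    # Constructed sample attempts taken from the transcript above.
    for attempt in ("cabbage", "boiled cabbage", "50BLOODYboiledcabbages"):
        print(f"{attempt!r}: {violations(attempt) or 'accepted'}")
```

Run as a script it prints the full policy once, then every violated rule per attempt; an empty list means the password is accepted.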