Friday, November 21, 2008

Password Arms Race

The overly paranoid Synopsys Solvnet's insane new password rules highlights what I also found to be ridiculous new password requirements for SolvNet.

I get the feeling that companies with customer web sites are viewing "password ridiculousness" as a measure of how valuable their site content is. Come on, it's just a knowledge base! If the user gets the password wrong after three tries, lock them out. Other than that, why make the password like a nuclear launch code?


John said...

Not only that - how about:

"For security reasons you will be asked to re-validate your email address every 60 days. To verify that the email address with which you registered is still valid, your account will be de-activated and you will be asked to input a confidential key sent to your registered email account.This will happen every 60 days."

Seriously - I run into his one about every 3 months, because I don't use Solvnet much...

Aditya Ramachandran said...

before, if you use "forgot password", you'd get something like 6-8 alphanumeric characters. now, I just got a password of 15 characters (upper case, lower case, numbers symbols, the kitchen sink). thank god for cut and paste...

Philippe Faes said...

Hi John,

We've decided to swim against the flow and open up our documentation completely. I'm sure we cannot influence the big three EDA vendors, but we don not feel bound by the EDA industry culture.

kind regards
Philippe Faes,
Sigasi CEO and founder