Tales from the Crypt (Support Desk)

Jonathan Lobl, Sr Security Engineer

Learning things from others’ mistakes

Horrifying Passwords

Gather ‘round, kids. Time for some scary tales from the support desk, just in time for Hallowe’en. The Crypt Keeper has heard your many tales of horrible user passwords from far and wide.

Tales of TMI

One user, eager to go to lunch, insisted on telling IT Helpdesk their password. The user insisted this was absolutely necessary so the technician could work on their computer, reboot, and continue to work on it as the user. Not only should sharing your password and walking away never happen, but their password was also “HOTMAMA”. T-M-I.

Kids, there should almost never be a reason to tell another person your password. When giving your password to someone is the only option, you should immediately be forced to change your password once the task is complete.


Sometimes people ask me, “What makes a good password?” If I’m in a joking mood, the answer is “*********”. I tell them that all those asterisks freak out the people who install the key-loggers … and that would-be scammers don’t know if it’s encrypted or not.


All kidding aside, traditional wisdom says that long passwords with numbers and symbols which don’t make common words are the best. This helps stop brute-force password crackers from cracking your password before your next password change. These days, computers are able to do more, faster. The time needed to crack passwords is getting shorter.

Sweet Password Dreams

While technically “z$Ys0pw2b&l}xM” is a hard password to crack, it is also impossible to remember. That’s why many security experts will recommend one or more of the following:

  1. A trusted password safe application to create and store unique and complex passwords for each site
  2. Multi-factor authentication, a system that, at best, requires you to confirm your identity in multiple ways, and that notifies you of new logins
  3. A long password composed of multiple words that are memorable to you, but do not follow one another in normal conversation. Like “Correcthorsebatterystaple”. (See https://xkcd.com/936/) (Also, don’t use Correcthorsebatterystaple, as that has become much more common since that comic came out)
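
To put numbers on the three passwords mentioned in this post, here is an added example (not part of the original post) that estimates the brute-force search space of each and generates a random multi-word passphrase. The guess rate, the deny-list and the 16-word sample list are assumptions constructed for illustration.

```python
import math
import secrets
import string

GUESSES_PER_SECOND = 1e10  # assumption: offline attacker's guess rate

# Constructed deny-list: phrases so well known they are in every cracking dictionary.
KNOWN_PHRASES = {"correcthorsebatterystaple", "password"}

# Constructed 16-word sample so the block runs offline; a real generator would
# use a large published list (the EFF long list has 7776 words).
SAMPLE_WORDS = ["anchor", "biscuit", "cobalt", "dragon", "ember", "fjord",
                "garnet", "hammock", "igloo", "jigsaw", "kettle", "lantern",
                "mosaic", "nectar", "orchid", "pebble"]

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def brute_force_bits(password):
    """Search space in bits for blind brute force; 0 if the phrase is known."""
    if password.lower() in KNOWN_PHRASES:
        return 0.0  # a dictionary attack finds it on the first pass
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    if alphabet == 0:
        return 0.0  # empty, or no ASCII characters to estimate from
    return len(password) * math.log2(alphabet)


def passphrase_bits(word_count, wordlist_size):
    """Entropy of word_count words drawn uniformly at random from a list."""
    return word_count * math.log2(wordlist_size)


def seconds_to_exhaust(bits):
    """Worst-case time to try every candidate at the assumed guess rate."""
    return 2 ** bits / GUESSES_PER_SECOND


def generate_passphrase(word_count=4, words=SAMPLE_WORDS):
    """Pick words with a CSPRNG, retrying if the result is a known phrase."""
    while True:
        phrase = "".join(secrets.choice(words) for _ in range(word_count))
        if phrase.lower() not in KNOWN_PHRASES:
            return phrase


if __name__ == "__main__":
    for pw in ["HOTMAMA", "z$Ys0pw2b&l}xM", "Correcthorsebatterystaple"]:
        bits = brute_force_bits(pw)
        print(f"{pw!r}: {bits:.1f} bits, {seconds_to_exhaust(bits):.3g} s")
    print(generate_passphrase(), f"{passphrase_bits(4, 7776):.1f} bits with EFF list")
```

A character-count estimate alone would rate “Correcthorsebatterystaple” as very strong, which is why the deny-list check runs first.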

Passwords don’t have to be a nightmare. Simple planning and organization on your part can make things easier and more secure for you and your organization.