I’ve finally found a password policy I can live with!

  • Minimum length 8 characters
  • Not in any dictionary.
  • No word or phrase bearing any connection to the holder.
  • Containing no characters in the ASCII character set.
  • No characters typeable on a Sun type 5 keyboard
  • No subset of one character or more must have appeared on Usenet news, /dev/mem, rand(3), or the King James bible (version 0.1alpha)
  • Must be quantum theoretically secure, i.e. must automatically change if observed (to protect against net sniffing).
  • Binary representation must not contain any of the sequences 00 01 10 11, commonly known about in hacker circles.
  • Be provably different from all other passwords on the internet.
  • Not be representable in any human language or written script.
  • Color passwords must use a minimum 32 bit palette.
  • Changed prior to every use.
  • Resistant to revelation under threat of physical violence.
  • Contain tissue samples of at least 3 vital organs.
  • Incontrovertible by OJ Simpson’s lawyers.
  • Undecodable by virtue of application of 0 way hash function.
  • Odorless, silent, invisible, tasteless, weightless, shapeless, lacking form and inert.
  • Contain non-linear random S-boxes (without a backdoor).
  • Self-escrowable to enable authorities to capture kiddie-porn people and baddies but not the goodies (“but we’ll only decode it with a court order, honest”).
  • Not decryptable by exhaustive application of possible one time pads.

That should cover it all, right?

A user rushed into his cube, quickly typed his credentials, and was told that his password was invalid. He sat down, entered his password again, and it was fine. Curious, he logged out, stood up, and tried again. No access. When he was standing up, logging in always failed. When he was seated, he always succeeded.

How could the computer possibly know whether he was standing or sitting?

It turns out that somebody had switched a couple of the (physical) keys on his keyboard as a joke. When the user was standing at the keyboard, he used “hunt-and-peck” typing. When he was seated, he was touch typing.