Unusual Password Limitation

Today I came across a limitation on my complex password.

I have a 14-character password with upper, lower, numeric and special characters that I attempted to use in a program this morning.  This program is essentially a GUI for another program which takes an XML file as input.

The underlying application attempted to interpret my password, which was enclosed in “double quotes”.  See, my password has the special character % followed by a lower case letter (which I am representing by the character _ in this post).  So, the program determined that the %_ must be a variable and would not proceed because I didn’t provide a value for the variable!!

So, from this, I have a new lesson: Understand the limitations of the application(s) using your password.

Before going to change my password, I determined how big an impact both keeping and changing the password would be.

  • There are three systematically different front-ends which operate over the same back-end in slightly different ways.
  • Only one of these has the deficiency/limitation.
  • Only a subset of the limited application is impacted.
  • I can use the other front-end tools to minimize the impact of the limitation.

I therefore concluded that I can keep my current password without severely impacting the job at hand.

This post was written to explain that as great as a password may appear, there is always the potential for it to not work as anticipated in all situations.  Take time when creating your passwords and evaluate the need to change them when you come to a roadblock!
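
An added example, not part of the original post and not the code of the program it describes: a small model of a GUI front-end that writes a password into XML for a back-end that treats `%` followed by a lowercase letter as a variable. The `%%` escape, the XML layout, the sample password and all function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Assumed back-end rule (hypothetical): '%' + one lowercase letter names a
# variable, and '%%' stands for a literal '%'.
_TOKEN = re.compile(r"%(%|[a-z])")

SAMPLE_PASSWORD = 'Xk7%q&Lm"2pW#9'  # constructed sample, not a real credential


class UnsetVariable(Exception):
    """Raised by the toy back-end when a %x token has no value."""


def backend_expand(value, variables):
    """Expand %x tokens the way the assumed back-end would."""
    def substitute(match):
        name = match.group(1)
        if name == "%":
            return "%"
        if name not in variables:
            raise UnsetVariable(f"no value supplied for %{name}")
        return variables[name]
    return _TOKEN.sub(substitute, value)


def build_job_xml(password, escape):
    """Front-end side: write the password into the XML handed to the back-end."""
    value = password.replace("%", "%%") if escape else password
    # quoteattr handles XML metacharacters (&, <, quotes); that layer is
    # separate from the back-end's own '%' syntax.
    return f"<job><login password={quoteattr(value)}/></job>"


def backend_read_password(xml_text, variables=None):
    """Back-end side: parse the XML, then expand variables in the attribute."""
    raw = ET.fromstring(xml_text).find("login").get("password")
    return backend_expand(raw, variables or {})


def survives_backend(password, escape):
    """True only if the back-end ends up with exactly the password typed."""
    try:
        return backend_read_password(build_job_xml(password, escape)) == password
    except UnsetVariable:
        return False
```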

Mobile blog post!

Today I decided to walk away from my desk with nothing but my sunglasses and my Motorola Cliq XT. So, what can I do remotely?
Well, I can blog because I downloaded the WordPress app for Android and set up “Jaime’s Online Password Security Blog”. I elected to save my WordPress credentials on my phone because I have other security measures in place to prevent unauthorized use. I also am using 3G, not a public Wi-Fi hotspot, so my vulnerability level is no different on WordPress than it would be on anything else I choose to do on my phone.
Along with security we must also balance risk… I am also willing to have my Twitter profiles @ssjaime and @OnlinePwordSec on my phone. I use those accounts often enough to feel comfortable putting them out there on the 3G network.
This blog post was a bit of an experiment too… I wanted to see how it would be received!

Hope you enjoyed and please comment.