New record in ridiculous password rules

The US Treasury wants to show how much they care about security. To show how much, here are their password guidelines:

Must be at least 8 characters long.
Must contain at least one uppercase letter.
Must contain at least one lowercase letter.
Must contain at least one numeric character.
Must contain at least one special character.
Must not have more than two repeating characters.
Must not repeat any of your last ten passwords.
Must not have been your password in during the last ten days.
Must not be a word in a language, slang, dialect, or jargon.
Must not be related to personal identity, history, environment, or other personal associations.

(No idea how they can enforce the last rule). But here’s the kicker. The last rule is:

Must not be shared or displayed in plain view.

Of course not, because you will be able to easily memorize it based on the rules above.

Here’s a hint for someone trying to break into one of their accounts: THE PASSWORD IS ON A POST-IT NOTE IN THE TOP DRAWER.

When will they realize a simple password is so much more secure?

Share