~ pjvenda / blog

01 November 2007

Curious warning message: password too secure?

This happened just a couple of weeks ago. I was trying to log in to a remote host that I hadn't connected to for some time. My password had expired, so I was asked to change it. Fine. But after I changed it, I got this warning saying that my password may be too complex for older Windows systems.

"The password is longer than older versions of Windows, such as Windows 98 or Windows 95, can use. Press Cancel to enter a new password, or OK to proceed with this password."

This is a warning message, so I am explicitly being made aware that my password is too strong. Knowing that the host is (a) running Windows Server 2003 and (b) not in a domain, let's consider this message for a moment and think about what it could mean:
  • Should I choose a simpler password because I may access some service on one of these "older" systems with my current credentials?
  • Should I choose a simpler password because I may access this service from one of these "older" systems with my current credentials?

I understand that this is the result of a long-standing compatibility policy. But let's be a bit realistic... Windows 98 or Windows 95? Who, in their right mind, would use Windows 95/98/Me in a corporate environment that absolutely requires inter-(Windows)-system compatibility, even in very controlled and very internal networks?

Sorry for bashing on Microsoft again, but this is just plain silly.
I know that I am given the choice of keeping compatibility or not, but that fact itself tells me that Windows Server 2003 retains compatibility with such older systems.

Security systems evolve because older ones are found insecure and thus made obsolete. This kind of warning message just leaks that Microsoft prioritises backward compatibility over breaking older APIs, even if important security enhancements are at stake. I guess it is just better for business.

Cheers, PJ.
