Relief from DFAS password-mania
If you have a myPay account (if you’re a military retiree or on active duty) and you have to check your pay statement occasionally, or download your 1099, you know what a pain-in-the-ass it is to set passwords at that website. Well the Defense Finance and Accounting Service is loosening some of it’s restrictions on passwords there, according to a link sent by Chief Tango to the Stars & Stripes;
Beginning Saturday, the site will allow shorter passwords that expire less often, permit additional personnel to access their pay statements online and provide additional statements and options to certain personnel.
Passwords will have to be only nine characters long rather than 15, but they still need to contain a combination of upper and lowercase letters, numbers and symbols. New passwords will expire every 150 days instead of 60.
Category: Military issues
It’s about time. Was on there last month and got a message my password will expire in 9 days, would you like to change it. Might as well while I’m here. Got out a piece of paper and started to write down symbols, CAPS, numbers and finally got 15 in a row. There is no way I will remember it. Changed it. Logged back in and it STILL told me that my password will change in 9 days. So in 9 days will see if I have to go crazy again.
What’s with these people, as you get older you start to forget things NOT remember more things. I have passwords for my bank account, emails, eBay and many others, DFAS is the only one that you have to sit down and write it out, cause it has to be so long, with symbols, numbers and CAPS.
That 15 character password is a royal pain in the ass. From my work computer I should be able to log in CAC/PIV card… but I am betting that would just be impossible considering past attempts to get DoD and VA to “speak” across the networks in the past.
I do feel for you guys having to do this. When I was doing contract telecommunications, I worked at the Umatilla Army Chemical Depot in Oregon. Where they were destroying all the old chemical, nerve agents and mustard gas that had been stored there in bunkers for decades. I remember having to have an AKO account then, I had to keep a log in Notepad because they expired my password so often and it had to be 15 long and all the usual. Plus it could not be close to your last one or one you had used before. Really had to get creative sometimes. But then the memory would go and I would have to reset it…again. That’s when I started the Notepad log of old passwords. So, I’m glad something better is going you folk’s way.
To make things even more confusing, to reset your password, you had to request tech support. Most sites would send you a link to your email, you would have to click on it and enter your new password. NOT DFAS, you have to call an 800 number and wait and wait and wait. Then they ask you questions about yourself. The sad thing is the Army did away with my MOS 82C. So I get that one wrong everytime. NOW, they can’t help me. My new password will be sent “snail mail” to me. Gimme a break.
I almost exclusively log in via CAC from work or home and never remember what my password is anyway. I can’t remember the last time I actually used the password to log in.
If there’s any “best practice” that I hate the most in information security, it’s password expiration. That said, if you can use one, a good password manager will help a lot with dealing with stuff like this. I personally use Lastpass, but there are a few other reputable ones (1password for mac, passwordsafe, keepass). They generally are good at the main issue of not only having to remember a long password, but typing it in. I’d imagine not an option for this at all, sadly, but for the rest of your online life, I strongly recommend it.
From back in 2012, as to the sad state of passwords: http://arstechnica.com/security/2012/08/passwords-under-assault/