Struggle in Making an AESDirect Password


By: Kenny Soo

After a long week of work, I like to sit back and do a jigsaw puzzle. My friends tease me for liking it, but I enjoy the struggle of putting together a 1000 piece puzzle.

Beginning a new puzzle is painstaking, but the excitement and relief that come after finishing the puzzle, without having to pound the pieces in, make the struggle all worthwhile. This process of struggle and relief is very similar to creating passwords for the AESDirect account.

In October 2008, the AESDirect system boosted its security measures to meet the standards of the Federal Government. One of those initiatives included making passwords harder to crack, which in turn made the passwords more complicated to create.

The password now requires:

  • at least one uppercase,
  • one lower case,
  • one number
  • one special character (!#$%).

For most people who use the same password for their e-mail, Facebook, and bank account, remembering and making a password with this level of complexity is daunting, especially after they read through the list of restrictions.

Commonly, the error for “no dictionary words” occurs. I would simply suggest that everyone just avoid using any vowels and even the letter “y”.
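The composition rules and the no-vowels suggestion above, as an added example in Python (not part of the original post and not AESDirect's own code): a checker for the four required character classes and a generator that draws from a cryptographic random source. The 12-character default length and the reading of `!#$%` as the complete special-character set are assumptions, since the post states neither.

```python
import secrets
import string

# Character classes from the requirement list above. Vowels and "y" are
# dropped, following the post's suggestion for avoiding dictionary words.
_SKIP = set("aeiouyAEIOUY")
UPPER = [c for c in string.ascii_uppercase if c not in _SKIP]
LOWER = [c for c in string.ascii_lowercase if c not in _SKIP]
DIGITS = list(string.digits)
SPECIAL = list("!#$%")  # assumption: only the four characters the post lists
CLASSES = (UPPER, LOWER, DIGITS, SPECIAL)


def missing_classes(password):
    """Return the names of the required classes the password lacks."""
    checks = {
        "uppercase": str.isupper,
        "lowercase": str.islower,
        "number": str.isdigit,
        "special": lambda ch: ch in SPECIAL,
    }
    return [name for name, test in checks.items()
            if not any(test(ch) for ch in password)]


def generate(length=12):
    """Random password with at least one character from each class.

    length=12 is an assumption; the post does not state a minimum.
    """
    if length < len(CLASSES):
        raise ValueError("length must cover all four classes")
    # One guaranteed pick per class, then fill from the combined alphabet.
    chars = [secrets.choice(cls) for cls in CLASSES]
    alphabet = [c for cls in CLASSES for c in cls]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Fisher-Yates shuffle driven by the CSPRNG so positions are not fixed.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


if __name__ == "__main__":
    pw = generate()
    print(pw, missing_classes(pw))
```

A password produced this way is not memorable, so it belongs in a password manager rather than on a note at the desk.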

The AESDirect Password can be a pain to make. But think about it this way, if you have a flimsy lock on your safe, it’s not really going to protect you from a motivated robber. If you spend a little time making your lock strong and durable, you’ll be much better off when that robber comes a knocking.

 


12 Responses to Struggle in Making an AESDirect Password

  1. Lynn says:

    You are SO right, the noise coming from my desk lets my co-workers know it’s AES password time!
    I don’t use AES daily so I’ve had to write down my password or I can never remember it. Not very secure I know but I’m afraid I will hurt somebody if I have to redo my password each time! LOL!

  2. Laurie says:

    One of the ways someone told me to do a long password is come up with a sentence and use the first letters of each word. This helps in remembering the password.

  3. Bill says:

    I have to tell you I am really getting frustrated with the password requirements for AESdirect. The security questions add to the mess. It's not like we are building secret nuclear missiles and need this aggravation. Where is choice in life today? Gone with excessive bureaucratic government controls.
    I am a one man exporter, and having to go through this pain every sixty days is more than a pain. Speaking to anyone at AESdirect is twice the pain. They are nothing but robots.
    Does anyone care to listen? Please I beg of you if anyone here reads this try and change the system
    Thank you

  4. Global Reach Kenny says:

    Dear Bill,
    I hear what you are saying and I know exactly how you feel. As a federal employee, I go through the same process in making passwords for my computer login and my internet login. I, too, get frustrated with the complexity and the requirements of the password. As you know, AESDirect is a program funded by the Commerce Department and as a result, it must adhere to the same Commerce Security Policy as any other program. I know that may sound ridiculous to you, a one man exporter, but that’s just the name of the game.
    The security level for your password and account is law and is here to stay. I can help you alleviate your frustration by easing the process of creating passwords. For example, think of a phrase that’s memorable, then take out all the vowels, add in some numbers, and top it off with a special character.
    You are right, we aren’t guarding missiles, but we are guarding Personal Identifiable Information which is something the Census Bureau takes very seriously.

  5. Bill says:

    Thanks for your reply Kenny. I dislike when I read that something “is here to stay”; it shows how inflexible and doomed we are. I wonder about the thought process and discussions that went into this, and what it would require to have someone take another look at it?
    How about making it every 90 days or better yet give the user an option on frequency to change it? Is that too complex or difficult a request?
    I would wager a bet that we are paying someone to do nothing more than process incoming faxes to reset passwords.
    I guess anything to slow and impede commerce is typical these days.
    Thanks again for the time

  6. Global Reach Kenny says:

    Bill,
    If you want to read more about the Computer Security Guidelines, check out NIST’s website, csrc.nist.gov. NIST, the National Institute of Standards and Technology, developed the security measures that we must follow.
    Extending the password expiration term may be possible. I’ll bring up the idea to our supervisors and our security liaison. Giving users the option to change the frequency may be beyond our means. Again though, I’ll bring the suggestion to their attention.
    In terms of your paper requests for passwords, one of our co-workers worked to get the password recovery to be an online process. Currently, the only paper requests for passwords are for the Account Administrators who get locked out. We’ve also added a counter so you know how many attempts you have left as well as increased the number of attempts you are in the given time frame (originally 1 hour, now 15 minutes).
    I appreciate your questions and comments. This dialogue needs to be taking place. A lot of people ask why our passwords are so hard and basically, it’s to protect their information. If we can make AESDirect easier for users without sacrificing security, then we are all for it.
    Kenny

  7. Bill says:

    Kenny
    Been away for a while then PC crashed so using backup for now. Thanks again for your reply and any help is appreciated. Came across this article today which I wholeheartedly agree with.
    (Link Removed – “Please Do Not Change Your Password” on boston.com)
    I will write NIST just for the heck of it, but knowing government bureaucrats I don't expect much of anything
    Wonder how many people like me even know about this web site and this conversation?
    Thanks again
    Bill

  8. Tony Becker | MyExportDocs.com says:

    Managing your online passwords is becoming increasingly difficult, especially when you think of all the web sites we visit. One easy way is to use one of the many available password managers, some of them are even free. You can choose from popular iPhone apps, apps that install on your thumb drive and your computer.
    Here is a free password manager I use: KeePass http://keepass.info/
    I created an easy to use AESDirect password generator.
    I hope you find this information helpful.
    Tony

  9. Global Reach Kenny says:

    Tony,
    Thanks for the tip. This is the first time I’ve ever heard of KeePass. I’m reading about it on Wikipedia, http://en.wikipedia.org/wiki/KeePass. Professionally and personally, I do have a lot of passwords to remember so the idea of having an app to manage them all is great.
    I think it is very to discuss this type of application, especially if some people are currently or will potentially use it. In addition, I am a novice to these password sites/apps and cannot credibly comment on the security, the usefulness, or the ease of KeePass or the similar sites.
    Maybe someone from the trade can help educate me and the other potential users on the risks and benefits associated with using these password sites!
    Global Reach Kenny

  10. Global Reach Kenny says:

    Bill,
    I, too, apologize for the delay. I’ve been on a two month detail with the International Trade Administration for the National Export Initiative. Our blog team is currently revamping our marketing strategy to spread the word out. Our office just sent out a broadcast message to all of our email subscribers, we are going to get on twitter, and also have guest bloggers. We are also hoping that people pass us along to other users. Any other suggestions? Did NIST reply back?
    Kenny

  11. Bill says:

    Hi Kenny,
    Long time since I stopped by. Not a word from those people so I can't bother fighting anymore. Getting too old :-)
    I had actually found a cool way around it which has been working for me, but I would prefer not to share it cause they may change and block it from being done. I saw the link for the password generator you created and will keep it handy if I get stuck with my method
    Thanks as always for your time
    Bill

  12. Bill says:

    Back again. Was out of town for a week and because I was not able to log into account it has been disabled.

    Can someone please exercise some sense into the operation of AES? Logging in every 30 days is just another hindrance and obstacle to trade and getting work done. I am a small exporter and the rules and regulations of AES are becoming more onerous. Who thinks up these regulations?

    Our country is under great pressure to create employment and get the economy moving and at every turn another obstacle is placed in our way. Please I beg you reduce these obstacles for us and let us work

    thank you
