Struggle in Making an AESDirect Password


By: Kenny Soo

After a long week of work, I like to sit back and do a jigsaw puzzle. My friends tease me for liking it, but I enjoy the struggle of putting together a 1000 piece puzzle.

Beginning a new puzzle is painstaking, but the excitement and relief that come after finishing the puzzle, without having to pound the pieces in, make the struggle all worthwhile. This process of struggle and relief is very similar to creating passwords for the AESDirect account.

In October 2008, the AESDirect system boosted its security measures to meet the standards of the Federal Government. One of those initiatives included making passwords harder to crack, which in turn made the words more complicated to create.

The password now requires

  • at least one uppercase,
  • one lowercase,
  • one number,
  • one special character (!#$%).

For most people who use the same password for their e-mail, Facebook, and bank account, remembering and making a password with this level of complexity is daunting, especially after they read through the list of restrictions.

Commonly, the error for “no dictionary words” occurs. I would simply suggest that everyone just avoid using any vowels and even the letter “y”.

The AESDirect Password can be a pain to make. But think about it this way, if you have a flimsy lock on your safe, it’s not really going to protect you from a motivated robber. If you spend a little time making your lock strong and durable, you’ll be much better off when that robber comes a knocking.
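As an added illustration (not part of the original post and not AESDirect's own code), this Python sketch checks a candidate against the rules listed above and generates a random password that passes them, drawing letters without vowels or "y" as the post suggests. The length of 12, the four-character special set taken literally from the list, and the small word list are assumptions made for the example.

```python
import secrets

# Assumptions (not from the AESDirect system itself): the special set is only the
# four characters the post lists, the length is 12, and WORDS is a constructed sample.
SPECIALS = "!#$%"
CONSONANTS = "bcdfghjklmnpqrstvwxz"   # the post's tip: no vowels and no "y"
DIGITS = "0123456789"
WORDS = {"export", "census", "puzzle", "password", "trade"}  # constructed sample


def policy_errors(password, words=WORDS):
    """Return the list of rules from the post that the password breaks."""
    errors = []
    if not any(c.isupper() for c in password):
        errors.append("no uppercase letter")
    if not any(c.islower() for c in password):
        errors.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        errors.append("no number")
    if not any(c in SPECIALS for c in password):
        errors.append("no special character")
    lowered = password.lower()
    if any(w in lowered for w in words):
        errors.append("contains a dictionary word")
    return errors


def generate(length=12):
    """Build a random password that satisfies every rule checked above."""
    if length < 4:
        raise ValueError("need at least 4 characters to cover all classes")
    pools = [CONSONANTS.upper(), CONSONANTS, DIGITS, SPECIALS]
    alphabet = "".join(pools)
    # One character from each required class, the rest from the full alphabet.
    chars = [secrets.choice(p) for p in pools]
    chars += [secrets.choice(alphabet) for _ in range(length - 4)]
    # Shuffle with the OS CSPRNG so the required classes are not in fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    # Constructed candidates: one with a dictionary word, one missing two classes.
    for candidate in ("Export2008!", "xprt2008", generate()):
        print(candidate, policy_errors(candidate) or "ok")
```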



17 Responses to Struggle in Making an AESDirect Password

  1. Lynn says:

    You are SO right, the noise coming from my desk lets my co-workers know it’s AES password time!
    I don’t use AES daily so I’ve had to write down my password or I can never remember it. Not very secure I know but I’m afraid I will hurt somebody if I have to redo my password each time! LOL!

  2. Laurie says:

    One of the ways someone told me to do a long password is come up with a sentence and use the first letters of each word. This helps in remembering the password.

  3. Bill says:

    I have to tell you I am really getting frustrated with the password requirements for AESdirect. The security questions add to the mess. It's not like we are building secret nuclear missiles and need this aggravation. Where is choice in life today? Gone with excessive bureaucratic government controls.
    I am a one man exporter, and having to go through this pain every sixty days is more than a pain. Speaking to anyone at AESdirect is twice the pain. They are nothing but robots.
    Does anyone care to listen? Please I beg of you if anyone here reads this try and change the system
    Thank you

  4. Global Reach Kenny says:

    Dear Bill,
    I hear what you are saying and I know exactly how you feel. As a federal employee, I go through the same process in making passwords for my computer login and my internet login. I, too, get frustrated with the complexity and the requirements of the password. As you know, AESDirect is a program funded by the Commerce Department and as a result, it must adhere to the same Commerce Security Policy as any other program. I know that may sound ridiculous to you, a one man exporter, but that’s just the name of the game.
    The security level for your password and account is law and is here to stay. I can help you alleviate your frustration by easing the process of creating passwords. For example, think of a phrase that’s memorable, then take out all the vowels, add in some numbers, and top it off with a special character.
    You are right, we aren’t guarding missiles, but we are guarding Personal Identifiable Information which is something the Census Bureau takes very seriously.

  5. Bill says:

    Thanks for your reply Kenny. I dislike when I read that something “is here to stay”; it shows how inflexible and doomed we are. I wonder about the thought process and discussions that went into this, and what it would require to have someone take another look at it?
    How about making it every 90 days or better yet give the user an option on frequency to change it? Is that too complex or difficult a request?
    I would wager a bet that we are paying someone to do nothing more than process incoming faxes to reset passwords.
    I guess anything to slow and impede commerce is typical these days.
    Thanks again for the time

  6. Global Reach Kenny says:

    If you want to read more about the Computer Security Guidelines, check out NIST’s website. NIST, the National Institute of Standards and Technology, developed the security measures that we must follow.
    Extending the password expiration term may be possible. I’ll bring up the idea to our supervisors and our security liaison. Giving users the option to change the frequency may be beyond our means. Again though, I’ll bring the suggestion to their attention.
    In terms of your paper requests for passwords, one of our co-workers worked to get the password recovery to be an online process. Currently, the only paper requests for passwords are for the Account Administrators who get locked out. We’ve also added a counter so you know how many attempts you have left as well as increase the number of attempts you are in the given time frame (originally 1 hour, now 15 minutes).
    I appreciate your questions and comments. This dialogue needs to be taking place. A lot of people ask why our passwords are so hard and basically, it’s to protect their information. If we can make AESDirect easier for users without sacrificing security, then we are all for it.

  7. Bill says:

    Been away for a while then PC crashed so using backup for now. Thanks again for your reply and any help is appreciated. Came across this article today which I wholeheartedly agree with.
    (Link Removed – “Please Do Not Change Your Password” on
    I will write NIST just for the heck of it, but knowing government bureaucrats I don’t expect much of anything
    Wonder how many people like me even know about this web site and this conversation?
    Thanks again

  8. Tony Becker | says:

    Managing your online passwords is becoming increasingly difficult, especially when you think of all the web sites we visit. One easy way is to use one of the many available password managers, some of them are even free. You can choose from popular iPhone apps, apps that install on your thumb drive and your computer.
    Here is a free password manager I use: KeePass
    I created an easy to use AESDirect password generator.
    I hope you find this information helpful.

  9. Global Reach Kenny says:

    Thanks for the tip. This is the first time I’ve ever heard of KeePass. I’m reading about it on Wikipedia. Professionally and personally, I do have a lot of passwords to remember, so the idea of having an app to manage them all is great.
    I think it is very to discuss this type of application, especially if some people are currently or will potentially use it. In addition, I am a novice to these password sites/apps and cannot credibly comment on the security, the usefulness, or the ease of KeePass or the similar sites.
    Maybe someone from the trade can help educate me and the other potential users on the risks and benefits associated with using these password sites!
    Global Reach Kenny

  10. Global Reach Kenny says:

    I, too, apologize for the delay. I’ve been on a two month detail with the International Trade Administration for the National Export Initiative. Our blog team is currently revamping our marketing strategy to spread the word out. Our office just sent out a broadcast message to all of our email subscribers, we are going to get on twitter, and also have guest bloggers. We are also hoping that people pass us along to other users. Any other suggestions? Did NIST reply back?

  11. Bill says:

    Hi Kenny,
    Long time since I stopped by. Not a word from those people so I can’t bother fighting anymore. Getting too old 🙂
    I had actually found a cool way around it which has been working for me, but I would prefer not to share it cause they may change and block it from being done. I saw the link for the password generator you created and will keep it handy if I get stuck with my method
    Thanks as always for your time

  12. Bill says:

    Back again. Was out of town for a week and because I was not able to log into account it has been disabled.

    Can someone please exercise some sense into the operation of AES? Logging in every 30 days is just another hindrance and obstacle to trade and getting work done. I am a small exporter and the rules and regulations of AES are becoming more onerous. Who thinks up these regulations?

    Our country is under great pressure to create employment and get the economy moving and at every turn another obstacle is placed in our way. Please I beg you reduce these obstacles for us and let us work

    thank you

  13. Chris Wycliffe says:

    Customer support at stinks! First if you don’t log on every 30 days to change your password your account will be disabled. Then you have to send them a fax to reactivate your account and wait for them to call you back. If you get impatient and call them, they will put you on hold, then come back on the line and say, “Yes, we have received your fax and will call you back when we get around to it.” I wish the cranks who work here would treat the taxpayers who fund them with more respect, that’s all. End of useless rant, but I feel somewhat better now.

    • Global Reach Paul says:

      We are sorry you received less than satisfactory customer service from our AESDirect Technical Team. We will contact the AESDirect Project Manager and share your comments with him so in the future better customer service will be provided to all AESDirect users.

  14. susan doel says:

    AESDirect is ridiculous. Instead of constantly irritating your clients, and costing the tax payers who knows how much money to run an antiquated system from the 1950s, just do what Bank of America does – move into high tech security using the iPhone.

    Bank of America lets me send large amounts of money to Asian Vendors using a simple security check on a pre-approved account, by texting my phone instantly with a 5 digit code that is only good for 5 minutes, which is typed into the website. 2 seconds later, DONE.

    I have spoken to lots of AESdirect customer service people, they say “yes we get complaints all the time, there is nothing we can do about it. Even our boss says there is nothing he can do.” And this has been going on for 20+ years or more… endless circles within circles.

    The even more frustrating part is that after passing the AESDirect online timed test, jumping through endless IDs and Passwords, the information on the AESDirect label has LESS information than is required by USPS!

    We are doomed if this is how Government agencies are run, how can we change this? Who do we contact besides the agency who is unable to help itself??

  15. Global Reach Stephen says:

    @susan doel, As you can read from Kenny’s comments with Bill earlier, this can be a frustrating process for all of us. In today’s world we have to deal with having passwords for just about everything and it’s near impossible to remember them all. To answer your question about who to contact I would suggest reaching out to NIST Computer Security Guidelines @ As a bit of light – moving into the ACE platform has allowed us to loosen this requirement a bit, you can read more about that information at .

    • susan Doel says:

      Stephen thank you for the NIST Computer Security Guidelines @ email address. I will contact them in hopes that our voices are heard by those that can actually make some changes.

      As a small business owner the only way to avoid using the AESdirect website is to split up my vendor’s orders, so the value is under 2500.00 on each package. Costs me an extra 60.00 each time but in all honesty well worth the money to save the time and emotional frustration wasted on AESDirect. I can then put my efforts towards growing my business.
