Employees at Midlands-based insurance firm Steadfast Solutions were informed on Monday that the company’s password requirements have been updated to include mandatory references to at least three extinct species, one verse from the Book of Leviticus, and a minimum of two Cyrillic characters pronounced only during autumn equinoxes.
The new policy, which IT manager Graham Webber described as “the culmination of fifteen years of making everyone’s lives incrementally worse”, replaces the previous system requiring twelve characters, one uppercase letter, one symbol, a prime number, and the maiden name of a Victorian novelist.
Webber confirmed that passwords must now be changed every eleven days rather than monthly, cannot resemble any password used since 2004, and must be entered whilst maintaining eye contact with a printed photograph of the Chief Information Security Officer. Passwords will also expire automatically if typed with what the system determines to be “insufficient conviction”.
“We’ve worked very hard to create a security framework that absolutely no one can remember or comply with,” Webber said, gesturing to a seventeen-page PDF titled ‘Password Best Practices and You: A Living Document’. “The dodo alone appears in about forty per cent of current passwords, so we’re already seeing concerning patterns. We may need to mandate species that died out before the Cretaceous period.”
The changes follow an external security audit which determined that the previous password system, whilst monumentally inconvenient, did not sufficiently prevent employees from writing their credentials on Post-it notes affixed to their monitors. The new requirements are expected to necessitate slightly larger Post-it notes.
Jennifer Carr, a claims processor who has worked at Steadfast for six years, reported spending most of Tuesday morning attempting to devise a compliant password. Her initial attempt, “Quagga&Passenger-Pigeon&Mammoth19:18Ж”, was rejected for containing insufficient geological eras. Her second attempt was rejected for including a Leviticus verse the system deemed “overused”. Her third attempt locked her out of her account entirely.
“I’ve now got eight different passwords written in a notebook I keep in my top drawer,” Carr said. “I believe one of them contains a reference to the Tasmanian tiger and Leviticus 11:22, which concerns the eating of locusts. I honestly couldn’t tell you which system that one’s for. Might be the printer.”
Webber acknowledged that the new requirements may cause short-term disruption, particularly among employees unfamiliar with extinct megafauna or Old Testament dietary law. The IT department has scheduled optional lunchtime sessions covering lesser-known passages from Leviticus and a guided tour through the Holocene extinction event.
When asked whether the Byzantine password requirements might actually decrease security by forcing employees to write credentials down or reuse variations, Webber sighed quietly and stared at his desk for seven seconds.
“We’ve got a dedicated helpdesk line for password resets,” he said eventually. “It’s the one thing we know people can remember. They call it six times a day.”