The subject of passwords is perhaps more complicated than most of us realise.
We will all have been faced with systems where there are no restrictions on password format and those where length, capitals, special characters etc are required (making life very hard to remember them all).
At present the GVO system required a valid email address and a password of your own choice to be used. If the password is forgotten the the 'forgotten password' option on the login screen can be used to generate a password reset link sent to the email address registered in the GVO.
See below for more interesting information and guidance about passwords.
Many systems implement arbitrary password strength controls, e.g. one capital letter, one digit, and so forth. These are generally regarded as counter-productive: if users have to come up with 16 character passwords with a mixture of alphanumeric and symbol characters, they tend to go with something that is memorable, but weak.
In other words, human nature leads to passwords like MyPa55word12345, rather than something more secure like jG-9^f33!j-kl0mn.
Most people focus, understandably, on a password, i.e. a single word made up of whatever characters they deem “secure”. However, as the saying goes:
Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.**
Most security practitioners believe it is more helpful to come up with a good pass-phrase. For example, something like this:
My grandmother enj0yed Parejo cigars
… is memorable for the user, but also pretty hard to crack with brute-force algorithms. GVO allows pass phrases.
In summary, the key elements of a good pass-phrase for GVO:
- Avoid personal information
- Don’t use the same phrase across different systems
- Don’t use school-specific information
- Don’t use common sayings or quotations
- Ensure there are at least four or five words in the phrase
** - taken from https://xkcd.com/936