These things drive me nuts, especially with a short expiration time, crazy character /word requirements and the fact that I can’t reuse any of the last 10 passwords.
I have to access an outside company server for my job, and the above is the password policy. I’m going to be working on this project for a year and a half, and will, by this policy, require six different passwords throughout the project. Nevermind that another system I must use has similar requirements, but with different password strength requirements, so I can’t really reuse passwords between groups. Then there’s the fact that on the first system, I have to CALL someone to reset the password. Yes, that’s increasing security. :rolleyes:
Don’t people realize that when you require very strong passwords (which I’m fine with…I have a few very strong passwords I tend to use, which are very difficult to crack, but also easy for me to remember), but require constant changing of them, it makes it nearly impossible to remember the password for these systems…so what do I have to do? Write it on a post-it and leave it in my desk…thereby completely destroying any security the system purported to have.
Make me have a strong password, then let me keep the damn thing! If you must reset occasionally, make it yearly or something, not every couple months. I’ve now got two post-its for these two servers because I have to keep changing the password. Arggghhhhh…