I pit Apple. MotherFuckingAppleID, forcing a password change

I once had to change a password for a professional society website, coming up with one that was equally insulting though a bit less scatological.

I later experienced a problem accessing important info stored on the site, had to call a support person at the organization and she requested my password to fix it.

Luckily she had a good sense of humor.

I’d be so embarrassed to share my passwords with someone random. Most of them are nonsensical goofy meaningless phrases that make me happy in some way. They are profoundly silly. I am profoundly silly. But I like to keep that on the d/l until people get to know me.

All of my Microsoft-related passwords are scatological, after the 57th time they forced me to change passwords (and you could never, ever re-use anything).

They apparently don’t force password changes as much any longer, because I don’t think I have had to change my password once since switching to Windows 10.

Apple’s security stuff has worked well, so I guess I’m lucky.

But our work IT geeks seem to realize they have power over others for the first time in their lives, so they flex it by requiring complicated password changes.

And of course they don’t tell you that they’ve changed the password requirements (so you need a symbol, a capital, an alt character, a prime number, and an ampersand)… they just say “Password rejected, too weak”, so it takes a dozen tries til you stumble on the right combination.

Or once, when I was suddenly locked out of my email and stormed into the IT office in person: “Oh, your password (that’s been working for months) is too close to one you used before.” It was ten years before, sheesh!

:roll_eyes:

Yeah, us IT geek pipsqueaks are finally getting our revenge on all the dumb jocks by making you struggle to come up with a password.

:roll_eyes:

No kidding. You’d think that it’s a big secret that security matters and that there are some bad actors trying to get into stuff, and your password that has your birth year and dog’s name isn’t something you should hang onto for 20 years and use for everything.

But I spelled it Phydeau and lied about my age…

Point taken, and big thanks to anyone who’s making our data and identities safe.

But don’t tell me I have to change my strong password every [short-but-random time frame], then lock me out after a month because my new strong password is close to something I used a decade ago.

Yeah it’s good to be security conscious, but you also need to be reasonable about it. I’ve been frustrated by password requirements that make no sense.

At my agency, my administrator account as an IT person requires a minimum of 16 characters. I end up picking a song lyric and make that my password, with punctuation and spaces included. It’s easy to remember and extremely complex and long.

For fun, try this web site to see how complex your password is and how hard it would be to crack it:

Our own security team recommended it to us. My current admin password at work says:

“It would take a computer about
42 SEXTILLION YEARS
to crack your password”

So I feel that it’s relatively secure. :slight_smile:

And not to be dumb about it. If you insist on too-frequent password changes, many of them will end up written on post-it notes and stuck on the computer screen.

Uh, seriously? No, I’m not going to enter any of my passwords into some random web site.

Suit yourself. I think that’s being absolutely paranoid because there’s no way to tie it to anything to be a security concern. It’s not like you’re including your username and the context of the password. There is no actual risk in doing this but nobody is forcing you to.

Even if it were true that “there’s no way to tie it to anything”, the website could at a minimum be entering the passwords into a database to be used when they later go around to various sites and try to do a mass break. Usernames are generally not secret nor very hard to guess. If you have a million passwords that you KNOW to be valid and in current use, it’s fairly trivial to connect a good percentage of them to accounts.

But the premise that “there’s no way to tie it” is not true; the website certainly has your IP address and browser fingerprint in addition to your password, which could be used to identify you later. I have serious doubts about a “security team” that recommended this, unless they wrote the website themselves. And the website output is stupid. The “42 sextillion years” output doesn’t mean anything without knowing how the attacker is trying to break your password. I suppose they’re just assuming a brute force trial of every possible combination of letters, but that’s not how most attacks work. If your password is based on a song lyric, it will be broken much faster if the attacker has a database of song lyrics.

In my area, we are subject to both state and federal regulations that dictate a lot of what we do security-wise. We aren’t the ones making the rules. We just have to enforce them or get slapped during our audits. Our last major audit had about 140 slaps and so all of our folks hate us even though those 140 changes are because we have to.

You try dealing with GDPR, HIPAA, NIST 800-171, CJIS, upcoming CMMC, and on-and-on :angry:

Hmm, yeah that seems pretty damn far-fetched to me.

And fuck you. I work for a government agency and our security office literally recommended it. You’re talking out of your ass.

Wells Fargo forced me to change my password a few years ago…to a shorter, less secure one. If it ain’t broke, don’t fix it.

Well, if they told you that a month ago, now it’s only 41 sextillion, 999 quintillion, 999 quadrillion, 999 trillion, 999 billion, 999 thousand, 999 years and 11 months.

So don’t get too comfy…

eta: I joke around with our IT posse all the time. I would definitely send the guy who told me this an update every month…

Shit you’re right, I gotta add some characters to keep up.

25 undecillion years. That’s how long it would take a computer to crack:

Eeyoreisasillydonkey&61

^^^This. Oh, so this. My laptop crashed a week ago. For some damned reason, my Apple ID password, the one I’d faithfully recorded and never used, wouldn’t work. I now have a temporary password (Apple Support walked me through the process) that’s good for a year, but I can’t reset my old one until April 24th. I have a big sign to remind me.

I still love Apple products, but the ID crap is the pits.

I’m with you on this. I went to the website but there’s no way I’m entering my password and IP address into some random database.