

Web security is good. It’s always nice to know that I can safely log in to a site and have my information easily accessible and yet still remain private. The method of security adopted by most sites is a simple username and password system, which, by remembering just two pieces of information, lets you pull up whatever private data you’re interested in retrieving. But not all sites are so simple, as a few require…
I recently tried to log in to an account that I’ve had for over a year and suddenly my password no longer worked. It wasn’t that I had forgotten my password or that my password had been changed, it was that it was no longer valid. On purpose.
The company has a policy of invalidating passwords every so often as a “security” measure. It required me to select a new password that was not only different than my previous one, but also different than any of my previous five passwords (if I had that many). Instead of letting me into my account and simply recommending that I change it, it was forcing me to choose a new password immediately, otherwise I received no access.
I completely understand that changing passwords every so often is a good idea, just in case someone managed to figure out your login information and you didn’t realize it. However, I let my Web browser save my usernames and passwords so I don’t have to remember them all, as I have many different ones and generally only access certain accounts from one or two particular computers. As such, I was unable to verify my existing password when it forced me to make a new one, as my browser didn’t know how to fill this form in. In other words, I had been shut out of my account as part of a scheduled “security” check. I found this to be incredibly annoying.
What if I had some urgent matter I had to attend to in my account and didn’t have time to deal with a password change? Shouldn’t I have some option of changing my password at my leisure? Or, better yet, shouldn’t it be my own responsibility to change it at all? If I want the same password for the rest of my life, shouldn’t that be my choice, not theirs? It’s like coming home one day and finding that all of the locks on my house were changed because I lost my key, but I can’t get the new key unless I unlock one of the old locks first. It’s a system that is flawed and I wish fewer sites required password changes at all. Recommend them to me, but don’t make me waste my time changing my password just because some company thinks it needs to be changed.
Sarah
April 30th, 2009 at 7:56 am
My office does this as well, and it drives me crazy. It is difficult to come up with an entirely new alpha/numeric/symbol password every six months — not to mention then trying to remember it!
John Romeo
April 30th, 2009 at 8:15 am
What’s funny about this (which drives me crazy too) is that when you have to change passwords so often, it’s most likely that you’re going to write them down in order to remember them. But that’s the LEAST secure thing you can do! So by requiring passwords to constantly be changed for security reasons, companies actually end up with customers who have LESS security.
Scott
April 30th, 2009 at 8:19 am
I have to disagree with the home lock comparison you’ve made Ricky. Your home is just that: your home, so you control how and who has access to the data (i.e. stuff inside) the home. The website is not yours (even though the data inside might be yours) so they get to decide how people should access the site.
Wesley
April 30th, 2009 at 9:15 am
I had a job where I had to change my password every MONTH! Eight characters, at least one number. And that was just to log into the network, not including any number of other passwords for subsystems/programs that I had to change either every 3 or 6 months. Although my main password was so random, I used it every day, so I could generally remember it. The real problem came when I had a password I changed five months ago and haven’t used since, which seemed to have happened ALL THE TIME. It was very frustrating.
What I don’t understand is why whatever program you’re using can’t email you 2-3 days before the password expires, saying, “Hey, we’re going to expire this password in a few days. Do you want to change it now, while you have time?”
Arianne
April 30th, 2009 at 12:03 pm
Funny that I read this just after receiving a call to reset someone’s password after I had just reset it for them l i t e r a l l y 3 minutes ago. Being in IT, I understand implementing password policies. Just keep a “system” for your passwords. Use the same one and change the number at the end every few months. Not the most secure but saves you some headaches.
Jesse
April 30th, 2009 at 12:10 pm
As an IT computer tech, I’m getting a kick out of this post & these replies. :)
Password complexity requirements and expirations are a necessary evil in this day and age. It’s one of those unfortunate annoyances that we have to put up with to keep people from accessing our private information, in this age of identity theft. I’ll steal your “house lock” analogy (no pun intended), and say that it would be nice if we didn’t have to put locks on our doors, as it doesn’t seem that long ago that we didn’t have to do so. Since we don’t live in a perfect world, it’s one of those things that we just have to try to learn to live with. I would rather put up with password annoyances than to have someone steal my personal information.
Good post Ricky!
Ricky
April 30th, 2009 at 12:17 pm
I completely understand why password expirations exist… it would be nice if I were warned about them first, rather than just getting a message that says, “Sorry - You can’t access your account until you change your password! I don’t care if you have something urgent you need to get done right away. Stop everything you’re doing and change your password NOW. And if you can’t remember your old password, I’m going to make you reset it first, which may or may not work right away, delaying you even further.”
Jesse
April 30th, 2009 at 12:41 pm
Too true Ricky, warnings are very helpful to the user, and websites that don’t use them are very annoying. Here at my company, we implemented a system where an email gets sent out to the user every 3 days beginning 15 days before his or her password expires, complete with a warning that their password is about to expire, and simple instructions on how to change the password.
Love your site!