WEDNESDAY WHINE: Mandatory Password Changes

Web security is good. It’s always nice to know that I can safely log in to a site and have my information easily accessible and yet still remain private. The method of security adopted by most sites is a simple username and password system, which, by remembering just two pieces of information, lets you pull up whatever private data you’re interested in retrieving. But not all sites are so simple, as a few require…
Mandatory Password Changes
I recently tried to log in to an account that I’ve had for over a year and suddenly my password no longer worked. It wasn’t that I had forgotten my password or that my password had been changed; it was that it was no longer valid. On purpose.
The company has a policy of invalidating passwords every so often as a “security” measure. It required me to select a new password that was not only different than my previous one, but also different than any of my previous five passwords (if I had that many). Instead of letting me into my account and simply recommending that I change it, it was forcing me to choose a new password immediately, otherwise I received no access.
I completely understand that changing passwords every so often is a good idea, just in case someone managed to figure out your login information and you didn’t realize it. However, I let my Web browser save my usernames and passwords so I don’t have to remember them all, as I have many different ones and generally only access certain accounts from one or two particular computers. As such, I was unable to verify my existing password when it forced me to make a new one, as my browser didn’t know how to fill this form in. In other words, I had been shut out of my account as part of a scheduled “security” check. I found this to be incredibly annoying.
What if I had some urgent matter I had to attend to in my account and didn’t have time to deal with a password change? Shouldn’t I have some option of changing my password at my leisure? Or, better yet, shouldn’t it be my own responsibility to change it at all? If I want the same password for the rest of my life, shouldn’t that be my choice, not theirs? It’s like coming home one day and finding that all of the locks on my house were changed because I lost my key, but I can’t get the new key unless I unlock one of the old locks first. It’s a system that is flawed and I wish fewer sites required password changes at all. Recommend them to me, but don’t make me waste my time changing my password just because some company thinks it needs to be changed.

