Password Requirements are Non-Negotiable

Jay 2K Winger · #1 07-28-2011, 05:24 PM

Just had a call with another luser.

She'd called earlier to have her password reset. But the password provided wasn't working. (After dealing with her, I have my doubts that the password was wrong, but whatever.)

So I reset her password for her again and stay on the line to make sure she can get in. After a couple of misunderstandings, she gets the password entered correctly and now has to reset it herself.

For a few minutes, she keeps insisting it's not working. I verify she's using the temporary password I gave her as the "old" password. Yes. But it's not accepting her new password.

So I run down the list.

J2K: "Are you using upper-case, lower-case, and numbers?"
Her: "Yes."
J2K: "Is it at least 12 characters long?"
Her: "Oh, it's gotta be 12?"
J2K: "Yes."
Her: "Not 8?"
J2K: "No."
Her: "Can I go 10?"
J2K: "...No."

Seriously?

Moirae · #2 07-28-2011, 06:11 PM

I know the feeling. I worked a comcast call center for a while.

I had this one woman that made me so upset they had to take me off the phones for an hour and a half because I was crying and shaking. She called me every name in the book, and incompetent and liar were the nicest of them. We weren't allowed to hang up on the customers no matter how abusive they were, and I tried to get a supervisor to take the call but he couldn't get to me fast enough. It was so bad that the other chairs around me could actually hear her and I had the guy next to me standing behind me with his hand on my shoulder. By the time she finally hung up (the supervisor didn't get to me until seconds before she hung up), there were finger prints in the chair. I had been talking to one of the techs over the chat they use in the company for technical help and told him what was going on. When she finally hung up, he asked if I were ok. He and the supervisor took me off the phones or I'd have walked out right then and there. All because comcast (at the time) used 8 digits in its passwords instead of the traditional 6.

Never have I been so abused by a customer, not before or since then.

I have stories like the woman whose kids used their modem as a football. And another women that dropped soda on her modem, filled the bathroom sink with water, and put the modem in it to clean it then plugged it back in.

Seriously, if a person can't understand basic fundamental things like you shouldn't put electronics in water, then you shouldn't own anything computerized because you're too stupid for technology.

Squeaksmyalias · #3 07-31-2011, 12:49 AM

Your problem is why my Mom's boss pays me to come in during updates and required password changes. I have a book of words each of the staff likes. I make them their own password, reset it for them, tell them what it is and move on to the next one. During updates or times when serious fixing needs to be done, I take the CSR to another office, then log her into a different computer since none, including my mother seem to get that they CAN work at a different computer then myself and one of the managers work on what needs to be done. It's bad, I've finally gotten one of the CSRs to understand she can check her yahoo email account from her work computer. It only took me two bloody years! I need a drink just thinking about this. So far only one manager, and the company owner know how to do these things without help, the 14 other people in the office have issues with it all. I'm not a tech either, I'm not even that good with computers, but some how I find myself doing these things and setting up new computers and laptops when they come in.

Blade_Raver · #4 07-31-2011, 11:48 AM

Here's how these conversations go at my work:

EW - I want the last password I used!
ME - Can't do that. Rules are can't be the last 6 you've used.
EW - Well that's b***s***. You're an admin. Change it back!
ME - You want to know what happens if I were to ignore rules and change it?
EW - What?
ME - The server detects the manual password change and it being one of the last 6 passwords used. It fires an alert email to IT Security. IT Security contacts your boss and mine and we both get fired for breaking company IT Security policy.
EW - Oh. In that case, I'll go change my password now.

mattm04 · #5 08-01-2011, 03:47 AM

I remember in college, IIRC you had to change you password every 90 days and at the beginning of the fall semester. One year I was a Intern in one of the computer labs it would never fail that someone would come to me saying their password wasn't working and they go a weird error.

I would make them try it again, see that their password expired and tell them to reset it. I learned very quickly to keep a bunch of printouts, directly form the IT dept. website where they listed the password policies in the office to give to people who asked.

Irving Patrick Freleigh · #6 08-04-2011, 09:44 AM

I hate setting passwords for everything because it's all going paperless now.

I understand a good password looks like a cat rolled around on my keyboard for six hours. But if I want to make my password "hooters," that's my shitty decision and you should let me roll with it.

Thanks to The Oatmeal for obvious inspiration.

Eisa · #7 08-04-2011, 11:03 AM

^

I hate trying to make my password 12 characters 'cause I can't do it and remember it at the same time.

But FFS, if that's the requirement, that's the requirement. Deal with it.

At my uni, we had to change it every semester at least.

It's me · #8 08-04-2011, 12:30 PM

Quote:

Quoth Irving Patrick Freleigh

But if I want to make my password "hooters," that's my shitty decision and you should let me roll with it.

Keep in mind that the password protects corporate assets, not your personal ones. But yes, some password policies are so complex that they pretty much require people to have a sticky note with the password stuck to their monitor.

Jay 2K Winger · #9 08-04-2011, 03:05 PM

Quote:

Quoth It's me

Keep in mind that the password protects corporate assets, not your personal ones. But yes, some password policies are so complex that they pretty much require people to have a sticky note with the password stuck to their monitor.

Yeah, if you try to leave a sticky note with your password on your monitor here, you can get fired. They don't mess around with information security here.

wolfie · #10 08-06-2011, 04:08 PM

Quote:

Quoth Blade_Raver

Here's how these conversations go at my work:

EW - I want the last password I used!
ME - Can't do that. Rules are can't be the last 6 you've used.
EW - Well that's b***s***. You're an admin. Change it back!
ME - You want to know what happens if I were to ignore rules and change it?
EW - What?
ME - The server detects the manual password change and it being one of the last 6 passwords used. It fires an alert email to IT Security. IT Security contacts your boss and mine and we both get fired for breaking company IT Security policy.
EW - Oh. In that case, I'll go change my password now.

Easy workaround:
Change password to temp1
Change password to temp2
Change password to temp3
Change password to temp4
Change password to temp5
Change password to temp6
Change password to last password I used

The password they want isn't among the last 6 they used, so the system thinks it's OK.

Quote:

Quoth Jay 2K Winger

Yeah, if you try to leave a sticky note with your password on your monitor here, you can get fired. They don't mess around with information security here.

How about having your password on a permanent label (applied by the manufacturer) on the underside of your keyboard or mouse? If the model number/serial number is complex enough, it could easily fit the pattern of a "legitimate" password under company policy.