Why we love last-millennium password policies


IT pilot fish goes to work at a large retailer's distribution center, where the policy is that passwords must be changed every 90 days.

"Once I got settled into my office, I set up my phone to connect to the corporate Wi-Fi," fish says. "I couldn't do much on my phone except get and send emails while connected to the Wi-Fi.

"Nearing my first 90 days, I got the notification in Windows to change my password. I did so with no problems...at first.

"After about 30 minutes, my computer locked up and told me I was disabled. I had to have co-workers re-enable me, but it kept happening every 30 minutes or so. I tried changing my password again and had corporate's computer operations look into it -- they couldn't find anything other than that my password would fail three times according to the log.

"The next day, I was disabled from the start. I couldn't even log in once I got to my desk.

"The process of re-enabling every 30 to 60 minutes continued for a few hours -- until I looked at my phone and saw a notification saying my password was invalid for my user name.

"Light bulb went off. I changed the password to log in on my phone to the current password I use to log into Windows -- and the problem went away."

Now that you're connected again, connect with Sharky. Send me your true tale of IT life at sharky@computerworld.com. You'll score a sharp Shark shirt if I use it. Add your comments below, and read some great old tales in the Sharkives.

Get your daily dose of out-takes from the IT Theater of the Absurd delivered directly to your Inbox. Subscribe now to the Daily Shark Newsletter.

The march toward exascale computers
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies