No good password goes unpunished

Consultant pilot fish is paying his bills online, but for some reason his health insurance company's website won't let him log in.

"I tried twice, and it rejected either my user name or my password both times," fish says. "It also warned me I'd be locked out after a third try, so I waited a few hours and tried again. Still no luck."

Fortunately, fish is able to find a website-support number on the insurance company's public website. After a few minutes on hold, he gets a support rep who requests his policy number and then asks what the problem is.

Fish explains that he's trying to log in with the same user name and password that worked when he paid his bill the month before, but now it's not working. Is there a known issue on your system, or is there a problem with my account? he asks.

There is an issue that might be causing the problem, support rep tells fish. It seems that at the start of the month, security was switched from supporting passwords between six and eight characters long to supporting passwords that are up to 15 characters, and customers with the longer passwords are now having problems.

Fish assures the rep that his password is more than eight characters long.

"Try logging in with just the first eight characters," rep says.

Fish does. It works. Then, once he's logged in, the support rep walks him through changing his password from that eight-character version to his full password.

And before he hangs up to finish paying his bill, fish thanks the support rep and wishes her luck dealing with all the other customers who chose long passwords because they thought they'd be more secure.

"But they were throwing away anything in a password beyond eight characters," grumbles fish. "And then after the security upgrade, the people who had longer, better passwords were the ones who were punished for it.

"At least they used bounds checking to confirm input length..."

Sharky doesn't want your password -- just your true tale of IT life. Send it to me at sharky@computerworld.com. You'll get a stylish Shark shirt if I use it. Add your comments below, and read some great old tales in the Sharkives.

Get your daily dose of out-takes from the IT Theater of the Absurd delivered directly to your Inbox. Subscribe now to the Daily Shark Newsletter.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Related:
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.