Changing 40+ Passwords: Annoyances

In the first part of this blog series, I looked at the process of changing and remembering 40+ passwords. In this part, I recount a few of the annoyances I uncovered…

  • Microsoft Office 365 comes in two flavours: Enterprise edition and the home version. I use two-factor authentication on both. BUT WHY do I have to use different two-factor authentication apps? Google Authenticator is fine for the home edition, but for the Enterprise version it will not work, and I have to use Microsoft’s own iPad app. Grrr…
  • TheTrainline.co.uk. You hold my credit card details. Why is my password too long? Why do I need to use a shorter less-secure password? Luckily, when I log onto your site, if I use a longer password it would seem to automatically truncate it and get a correct match, so I can live with it. Grrr…
  • Premierinn.com. Why can’t I have characters other than alphanumerics in my password? Good practice advice typically suggests a punctuation character. I have 40+ passwords to remember, so if I can’t use a pattern as described in the first blog of this series, I will not remember your password. Grrr…
  • One site, which shall be nameless for obvious reasons, will only let me have a 4-character password – and I cannot change it without contacting an administrator. BIG Grrr…
  • At least 4 sites would not let me change the password without contacting an administrator. I hope you are not snowed under with every user contacting you.
  • The Microsoft Outlook Web Access (OWA) iPad app does not work with 2FA. Not a problem you’d think, as Microsoft provides static, application-specific passwords for that purpose. But unbelievably they do not work with OWA for iPad either!
  • I mentioned that for some key sites, I use two factor (or two step) verification. Come on Amazon, and VirginMedia, keep up with the times.
  • During the password reset of SwimClubManager.co.uk, rather than emailing me a link to reset the password, a new, random password was sent in the clear in the text (at least not my old password, as happened in “Revelations of a Password Reset”). My issue here is that, having logged on with the new password, I was not compelled to change it. Ditto twitterfeed.com, http://www.thompson-morgan.com
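The silent truncation noted in the TheTrainline.co.uk item above, modelled as an added example (not code from this post or from any site it names): a store that trims passwords before hashing, the corrected variant that refuses over-length input, and a regression check that reports how many characters are actually compared. The 12-character limit, the 128-character bound, PBKDF2 and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

LEGACY_MAX = 12   # constructed limit; the post does not give the site's real one
STRICT_MAX = 128  # assumed upper bound for the corrected variant


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_store(truncate):
    """Return (set_password, verify) for the weak or the corrected behaviour."""
    def prepare(password):
        if truncate:
            return password[:LEGACY_MAX]           # weak: silent cut-off
        if len(password) > STRICT_MAX:
            raise ValueError("password too long")  # corrected: refuse, never trim
        return password

    def set_password(password):
        salt = os.urandom(16)
        return salt, _derive(prepare(password), salt)

    def verify(record, attempt):
        salt, digest = record
        try:
            candidate = _derive(prepare(attempt), salt)
        except ValueError:
            return False
        return hmac.compare_digest(digest, candidate)

    return set_password, verify


def silently_truncates(set_password, verify, probe_len=32):
    """Regression check: does a different password sharing a prefix log in?"""
    original = "A1!" + "x" * (probe_len - 3)
    record = set_password(original)
    for cut in range(4, probe_len):
        lookalike = original[:cut] + "#" * (probe_len - cut)
        if verify(record, lookalike):
            return cut    # only the first `cut` characters are compared
    return None


if __name__ == "__main__":
    print("legacy store compares:", silently_truncates(*make_store(True)))
    print("strict store compares:", silently_truncates(*make_store(False)))
```

A check like `silently_truncates` belongs in the test suite of any login code that enforces a maximum length, so that a later change cannot reintroduce trimming unnoticed.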

That is not quite the full story. One big issue remains.

In the final part of this blog series, the real motivation behind me sitting down to write it, I reveal an issue, a big issue, which in some cases meant that after changing the password I was no more secure than I was prior to making the change.

4 thoughts on “Changing 40+ Passwords: Annoyances”

  1. I still bemoan the websites that insist you have a username and password just so you can buy something. Frivolous credentials should be banned.
    You mention a 4 character password above, but surely this would be ok if there was a sensible 3 strikes and out password policy? I somehow doubt that was the case though. 🙂
