Changing 40+ Passwords: Annoyances

In the first part of this blog series, I looked at the process of changing and remembering 40+ passwords. In this part, I recount a few of the annoyances I uncovered…

  • Microsoft Office 365 comes in two flavours. Enterprise edition and the home version. I use two-factor authentication on both. BUT WHY do I have to use different two factor authentication apps. Google Authenticator is fine for the home edition, but for the Enterprise version it will not work, and I have to use Microsoft’s own iPad app. Grrr…
  • You hold my credit card details. Why is my password too long? Why do I need to use a shorter less-secure password? Luckily, when I log onto your site, if I use a longer password it would seem to automatically truncate it and get a correct match, so I can live with it. Grrr…
  • Why can’t I have characters other than alphanumerics in my password? Good practice advice typically suggests a punctuation character. I have 40+ passwords to remember, so if I can’t use a pattern as described in the first blog of this series, I will not remember your password. Grrr…
  • One site, which shall be nameless for obvious reasons will only let me have a 4 character password – and I cannot change it without contacting an administrator. BIG Grrr…
  • At least 4 sites would not let me change the password without contacting an administrator. I hope you are not snowed under with every user contacting you.
  • The Microsoft Outlook Web Access (OWA) iPad app does not work with 2FA. Not a problem you’d think, as Microsoft provides static, application specific passwords for that purpose. But unbelievable they do not work with OWA for iPad either!
  • I mentioned that for some key sites, I use two factor (or two step) verification. Come on Amazon, and VirginMedia, keep up with the times.
  • During the password reset of, rather than emailing be a link to reset the password, a new, random password was sent in the clear in the text (at least not my old password, as happened in “Revelations of a Password Reset“. My issue here, is having logged on with the new password I was not compelled to change it.   Ditto,

That is not quite the full story. One big issue remains.

In the final part of this blog series, the real motivation behind me sitting down to write it, I reveal an issue, a big issue, that in some cases meant changing the password meant I was no more secure than I was prior to making the change.


4 thoughts on “Changing 40+ Passwords: Annoyances

  1. I still bemoan the websites that insist you have a username and password just so you can buy something. Frivolous credentials should be banned.
    You mention a 4 character password above, but surely this would be ok if there was a sensible 3 strikes and out password policy? I somehow doubt that was the case though. 🙂


Comments are closed.