Changing 40+ Passwords: Annoyances

20 May

In the first part of this blog series, I looked at the process of changing and remembering 40+ passwords. In this part, I recount a few of the annoyances I uncovered…

  • Microsoft Office 365 comes in two flavours. Enterprise edition and the home version. I use two-factor authentication on both. BUT WHY do I have to use different two factor authentication apps. Google Authenticator is fine for the home edition, but for the Enterprise version it will not work, and I have to use Microsoft’s own iPad app. Grrr…
  • TheTrainline.co.uk. You hold my credit card details. Why is my password too long? Why do I need to use a shorter less-secure password? Luckily, when I log onto your site, if I use a longer password it would seem to automatically truncate it and get a correct match, so I can live with it. Grrr…
  • Premierinn.com. Why can’t I have characters other than alphanumerics in my password? Good practice advice typically suggests a punctuation character. I have 40+ passwords to remember, so if I can’t use a pattern as described in the first blog of this series, I will not remember your password. Grrr…
  • One site, which shall be nameless for obvious reasons will only let me have a 4 character password – and I cannot change it without contacting an administrator. BIG Grrr…
  • At least 4 sites would not let me change the password without contacting an administrator. I hope you are not snowed under with every user contacting you.
  • The Microsoft Outlook Web Access (OWA) iPad app does not work with 2FA. Not a problem you’d think, as Microsoft provides static, application specific passwords for that purpose. But unbelievable they do not work with OWA for iPad either!
  • I mentioned that for some key sites, I use two factor (or two step) verification. Come on Amazon, and VirginMedia, keep up with the times.
  • During the password reset of SwimClubManager.co.uk, rather than emailing be a link to reset the password, a new, random password was sent in the clear in the text (at least not my old password, as happened in “Revelations of a Password Reset“. My issue here, is having logged on with the new password I was not compelled to change it.   Ditto twitterfeed.com, http://www.thompson-morgan.com

That is not quite the full story. One big issue remains.

In the final part of this blog series, the real motivation behind me sitting down to write it, I reveal an issue, a big issue, that in some cases meant changing the password meant I was no more secure than I was prior to making the change.

4 Responses to “Changing 40+ Passwords: Annoyances”

  1. Tim Holman May 26, 2014 at 08:41 #

    I still bemoan the websites that insist you have a username and password just so you can buy something. Frivolous credentials should be banned.
    You mention a 4 character password above, but surely this would be ok if there was a sensible 3 strikes and out password policy? I somehow doubt that was the case though. 🙂

    Like

  2. Swim Club Manager December 6, 2014 at 13:04 #

    Nice article. We changed our password recovery procedure over at Swim Club Manager awhile ago.

    Like

Trackbacks/Pingbacks

  1. huttrivervalley | Two helpful password tricks to make your account and you a little more secure… - May 23, 2014

    […] Changing 40+ Passwords: Annoyances […]

    Like

Please join the discussion, we welcome your views...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: