Why we love last-millennium password policies

IT pilot fish goes to work at a large retailer's distribution center, where the policy is that passwords must be changed every 90 days -- which turns out to have unexpected consequences.

IT pilot fish goes to work at a large retailer's distribution center, where the policy is that passwords must be changed every 90 days.

"Once I got settled into my office, I set up my phone to connect to the corporate Wi-Fi," fish says. "I couldn't do much on my phone except get and send emails while connected to the Wi-Fi.

"Nearing my first 90 days, I got the notification in Windows to change my password. I did so with no problems...at first.

"After about 30 minutes, my computer locked up and told me I was disabled. I had to have co-workers re-enable me, but it kept happening every 30 minutes or so. I tried changing my password again and had corporate's computer operations look into it -- they couldn't find anything other than that my password would fail three times according to the log.

"The next day, I was disabled from the start. I couldn't even log in once I got to my desk.

"The process of re-enabling every 30 to 60 minutes continued for a few hours -- until I looked at my phone and saw a notification saying my password was invalid for my user name.

"Light bulb went off. I changed the password to log in on my phone to the current password I use to log into Windows -- and the problem went away."

Now that you're connected again, connect with Sharky. Send me your true tale of IT life at sharky@computerworld.com. You'll score a sharp Shark shirt if I use it. Add your comments below, and read some great old tales in the Sharkives.

Get your daily dose of out-takes from the IT Theater of the Absurd delivered directly to your Inbox. Subscribe now to the Daily Shark Newsletter.

Join the Computerworld newsletter!

Error: Please check your email address.

More about

Show Comments