« Blog Commercialization | Main | iPod FUD »
Your Password Has Expired
This morning at The Job, the mail server (MS Exchange; blech) informed me that my password had expired. Ugh. It's been warning me about this for a while; I've had no desire to do anything about this situation until it became an issue..
After several futile attempts to set a new password, each of which returned the oh-so-helpful (not) message:
Error number: -2147022675I gave up in disgust and sent a note to the IT folks.Back
It turns out my password wasn't supposed to expire. Windoze users' passwords are set to expire. Mac users' passwords are not supposed to be set thusly. I use a Mac; my password expiration was a configuration error.
Apparently the difficulty I encountered in trying to reset my password is not uncommon for Mac users (note that I was using my Web Browser for this interaction). IT calls this is an example of incompatibility. I call it just one more reason to use a Macintosh.
I have a philosophical objection to forced-expiration passwords. In 20+ years of using passwords, the one and only time I have ever forgotten my password (and had to ask for assistance to set a new one) was also the one and only time I was forced to reset my password right now.
I use a "good" password (in theory). It contains upper and lower case, numbers, at least one special character, all that fooferah. Also, I don't leave mail on the mail server for very long; I file it on my local disk. And... to be honest... I don't get any highly confidential mail. The Company is inside a firewall. If one of my co-workers snooped my email, they would probably be really bored.
I treat voicemail the same way (I get essentially no voicemail; truth be told, I don't know if I even have voicemail at this Job). I used to work for a company where the voicemail passwords expired every 90 days. However, there was a bug in the system. When prompted to set a new password, you could re-enter the old one and the system didn't compare. So, every 90 days I re-entered the same 6-digit numeric code (think about it; how secure is a 6-digit numeric code anyway?).
I wouldn't object if The Company ran a simple cracker program every month or so and notified users whose passwords were susceptible to dictionary cracking. But I personally believe that the best way to cause users to set silly simple memorable (i.e. guessable) passwords is to force them to change their password regularly whether they want to or not.
July 6, 2004 in category Web/Tech | Permalink
