A novel password policy
Setting up some demo servers recently Steve and I tripped over the Windows 2008's default password policy: it needed to be relaxed to get to easy password we use in demos. Steve advocates pass-phrases "IHateChangingmyPasswordEvery30Days" is better than "o^1bKK%19#"
However I read this article this morning about having a bit of trouble with their passphrase.* I don't think that was a case of "computer says no"
This reminds me of two things, one was Steve (again) telling realising that one of the "secrets" he shared with his bank was known to people it shouldn't be, starting a call to them with "Hi, I need to change my 'mother's maiden name' " . Steve just viewed that as a kind of password which should be changable - the bank employee (and it's computer system) couldn't cope with the idea that Steve's mother would change... And it also reminds me of man called Michael Howard who, after a spat with his bank, changed his name by deed poll to "Yorkshire Bank are Fascist bastards". The Bank apparently asked Mr Bastards to take his business elsewhere, he replied, sure just write me a cheque for my outstanding balance.