Yeah, and this is also why people wind up using the same two or three passwords for everything. When I worked in the national lab, they assigned us passwords -- awful, un-memorizable things that met IT's standards. So of course everyone kept theirs on a post-it someplace or locked in a drawer.Hah!
Forget that, chemprof!
The times they are a-changin'.
The tech system at my college automatically changes both your passwords every 90 days unless you change them first.
Needless to say, I've never changed either password first, mostly because I have never, not once, seen the email alert re: Impending Password Change that's supposed to come out on Day 85.
Not getting the memo may be my fault, of course.
My college has two separate IT systems with two separate email addresses and two separate passwords, and you have to find this out yourself, usually over the course of multiple conversations with Help Desk. Nobody tells you, going in, "Welcome to yourcollege! We have two IT systems."
The user interfaces are inscrutable, with tiny-fonted "ADMIN SIGN INs" here and orange "ROOM BOOKING" tabs there (you have to click on a "Room Booking" tab to find out who you're tutoring) and two "Change Password" tabs that don't change your password but do lock you out of the system, and nothing you do takes less than 8 steps. I have a list of 18 steps to deal with the Online Appointment Calendar. The whole thing is stupefying.
The system was so impossible to navigate that eventually I settled into a routine of using my Verizon account 95%-99% of the time, and checking my two work emails only when my fear that I was missing essential communications grew stronger than my dread of dealing with the system.
So I may have missed the Password Change alerts. Assuming the alerts were a) sent and b) actually delivered to one of my 2 work addresses, that is. Which I do not assume.
Back to my story: for a while there things were working OK, I thought. Every so often I would discover that my password(s) no longer worked, and I would deal with it when I absolutely needed to by calling Help Desk and having them figure things out. But this most recent lockout has taken almost 3 weeks to resolve, with 4 different employees working on my case at various times, and multiple phone calls and emails. I don't want to do this again come April.
So I had a long conversation with Help Desk about the EXACT steps involved in changing my password(s) myself. Then I had Help Desk stay on the line while I looked up passwords, changed passwords, and reconciled passwords.
Which brings me back to chemprof.
Naturally, I want only one password for everything, so I asked Help Desk whether I could change back to my regular password now that a few 3-month cycles have gone by.
Help Desk said he'd see, and he checked the documentation which, he was surprised to learn, made no mention of the number of old passwords the system remembers. (No documentation? That is surprising.)
The usual number of old passwords a system remembers, he said, is three. If you use your usual password, you should be able to cycle back to it after 3 changes.
But that's going to change, he said. The new Windows system is going to remember twenty-four old passwords. If your system makes you change passwords 4x a year, it'll be 6 years before you can use your regular password again.
I wonder if, when that happens, the Bureau of Labor Statistics will be able to pick up a measurable drop in productivity.