We work for Engulf and Devour. That isn’t the company’s real name but we’re paranoid and don’t want to be fired. Anyhoo, E & D requires its employees to have a password for starting up their PCs. There’s also one for logging into the network. There’s a separate one for e-mail, and there’s a couple more for other things. Since they tend to expire at different times of the year, using one secure password is a difficult feat to accomplish.
The thing that we don’t get though, is why we have to change a perfectly good secure password every so often. If the darn thing is more than 12 characters in length and has a mixture of uppercase, lowercase, numerals, and a few non-alphanumeric characters thrown in for good measure, then that’s one secure password. The system locks you out if you fat-finger the password more than 3 times, so the chances of someone successfully deploying a brute force attack are remote. Assuming we don’t tell anyone what the password is, it’d take years for an unscrupulous person to break into our e-mail accounts. That’s why we can’t understand why we ever have to change it.
There is something to be said for security, but we feel that laziness is important, too.