The number one reason to use SSO – Password Policies

I did forget my password; I admit that. I struggled and struggled trying to remember the password I had used on the Quest.com software download page… I mean you cannot believe how upset I was. I had been running along fat, dumb and happy for as long as I remember with that little check box that says in big friendly letters “Remember Me” checked – you know the one just below where you type your password one time and only one time. Why had Quest.com/downloads forgotten me? Was I not important anymore?

So I finally gave up trying to remember my long lost password and with great shame and disgrace I sheepishly clicked the “I forgot my password” link. The next screen told me to check my email for a temporary password, then enter that on the temporary password line of the web page now presented to me, which I did.

Then all hell broke loose. When I entered a new password using some basic complexity rules this is what I saw:

[Image: crap-policy]

How the heck would anyone in their right mind be able to construct a password with those rules and then actually remember that password more than a day or two later? After looking at this screen I realized that my bank, credit card company, my online auction company all have similar horrible password policies that defy anyone to work over the internet unimpeded. This really pointed out to me the need for new technologies like Microsoft’s Geneva claims server or the existing MyOpenID where authentication becomes a service that many different applications can use to simplify the lives of us dumb users.

One Response

  1. #1 carol @ 2009-9-15 08:31

    How the heck could someone remember a password like that and then be forced to change it and remember it every month?
