[Cryptography] Password Hell
Henry Baker
hbaker1 at pipeline.com
Sun Sep 14 17:37:49 EDT 2025
If you're working for a corporation, and your business is declining for no apparent reason,
you might want to check to make sure that your password policies aren't driving your
best customers away.

I've been using the loyalty website of a major corporation for perhaps 3 decades, and
it has now apparently changed its password policy to require that my password be
changed EVERY TIME I log in, which is every several weeks. That particular policy
might not have been the intent of new SW changes, but that is the reality. Furthermore,
there is NO PERSON at home in their customer service department, so there is no
actual person to complain to -- only some ridiculous AI!

I've put up with ludicrous password policies -- 1 uppercase letter, 3 lowercase numbers,
2 Roman Numerals, 1 laughing emoji -- etc. -- as well as 2FA, but none of these people
designing these web sites seem to have any real appreciation for EITHER security OR
good UX.

If you happen to work for one of these major corporations, you might want to actually
try to log into your own company's web site under different conditions to see what a
disaster this whole password area has become.

OH, and don't try to convince me to use facial recognition; last time I checked, it's
going to be one heck of a task to change my face when your web site screws up!

Thx for listening...