By mduigou on Sep 04, 2010
I recently had to change my password for a single signon service I use. I opted to include a "?" in my new password. Over the next couple of days I discovered that I could only enter my password on some of the sites I needed to use. On others it was consistently rejected. Luckily, because it was single signon, I could sign on to one site and then navigate to another that wouldn't allow me to enter my password.
After a few days I figured out that some sites just didn't like my password. I decided to change my password to something that didn't include "?". Lo and behold, I could now log in using any of the sites which used the single signon service. Sigh.
It bothers me that standards for passwords are still so inconsistent. Case sensitive, case insensitive, spaces allowed, no spaces allowed, numbers allowed, numbers not allowed, random allowability of symbols. Usually the reasons for the restrictions are bizarre and arbitrary (what to do with computers isn't?). It's very frustrating for users to work with these varying restrictions imposed by multiple sites. It would certainly make things easier if more effort was spent to allow users the maximum flexibility in their password choice and, probably more importantly, that the behaviour was more consistent among sites. Perhaps industry-specific standards or best practices could reduce the frustration around password policies. It's worth a try.