Re: Oh for goodness sake
@Brenda - spot on. What really grates me in the corporate environment is they spend a boat-load on single-sign-on solutions, that work for about a week before some berk in HR buys a new external web tool that lives outside the domain.
What I find incredible, however, is that it's these 3rd party systems/services that require the Trident-level of secure passwords while the main AD log-on requires less detail.
One example - at a company I worked at, password was required to be 6 chars, at least one letter and number, to be changed once every 2 months. The HR "performance" systems (externally hosted, but with IP filtering) required 8 chars, mixed case alphanumeric with at least one special character to be changed monthly. On a system that was accessed once every 3-6 months.
The kicker was that if you clicked the "forgot my password", it would email you your password in plaintext.