What bugs me are predefined challenge questions for recovering forgotten passwords.
You've seen them. "Please supply answers to the following questions: 1) What is your mother's maiden name? 2) What was your first school? 3) What was your first pet's name?" etc.
So there I was, creating a profile at a newspaper's site, and got this response to one of my challenge answers:
Please correct the following error(s) before proceeding: Password must contain at least one character that is not a letter.Come on, folks. My first pet's name is only 5 letters long. My bad, I know, but when I was 5 I wasn't thinking about password strength as I chose my pet's name. All I was looking for at the time was a name short enough that I could finish calling him before bed time.
Enter name of your favourite pet. Response must be between 6 and 9 characters long.
It is your predefined challenge list that is forcing me to use my pet's name, and now you won't accept my pet's actual name .. what do you want me to do, make one up? And then forget what I made up?
What if my mother's maiden name is 'Wall', is that ok? Or would I have to get her to legally change her maiden name?
Please, let me make up my own challenge questions, and let me put off explaining password strength to my kids for another few years. Maybe once they're walking.
Ok, in the interest of accuracy, my kids are in fact walking. But this was funny, and I hope it made my point.