Sometimes a good intentioned security practice can go horribly wrong. The company my wife works had a training session on some new material in a new system. To start training everyone’s password was reset with an eleven character temporary password. Upon logging in users were met with a simple screen asking them to change their password to one of their liking.
It was your typical password change form. One box on the top for your old password and then two below for the new one. But as everyone tried to change their password they were meant with error after error.
My girlfriend was smart enough to count the stars in the password field. Whoever had come up with the magic eleven number had apparently forgotten that the change password form only takes ten characters. With no way to continue and nobody around to fix the problem she and all of her co-workers spent a good part of the day filling out various packets with ‘could not view training material.’
And now, as a result of these overbearing and poorly implemented security protocols, everyone’s password is stuck on the same temporary one until someone who can count can fix it.