Another one from the company my girl works for.
Customers are able to password protect their accounts in order to prevent social engineering attempts and such. Usually this process goes as well as normal passwords go. However in this case if the customer doesn’t happen to have their password they need to go out of their way to a store and verify their ID to get it changed.
Many times representatives for the company are forced to send a customer to the store even though clearly the mistake was the companies.
You see the password field the representative had to type in had no confirmation field. Sometimes a speedy rep would race through the form and be off in filing it out. As a result the date or an odd account number would end up as the password instead of what the customer requested.
This error has been fixed recently. But the lesson is clear: ALWAYS double verify new passwords. Even more so if your expecting your customers to jump through several hoops to reset it.