I used to work at my university’s tech support department, where we would receive phone calls from students, staff, faculty, and even trustees that had our campus information system account.
The thing wtih the campus information system is that your password had to be changed once a year. I would say well over 50% of my workload was simply resetting passwords for people who didn’t reset their password by the deadline.
One day, I receive a call from a trustee because she could not access her account. I had a standard password that I would temporarily reset everyone’s password to when they called, because my resets would only last for one week. I would reset it to (universityname)123!, and walk them through logging into their account and setting their new, permanent password.
I had strict instructions that I was NOT ALLOWED to log into the callers account and change their permanent passwords for them. This became especially problematic with this particular caller.
You see, this person was simply too old to be using a computer. Except I couldn’t say that… because our university had named a building after her.
45 minutes and multiple temporary password resets later, she still was unable to access her account. For the life of us, we could not figure out why.
I had to leave to go to class, so I transferred the call to my supervisor… who spent another 45 minutes with her. What was the problem? She could not figure out that, in order to type an exclamation point, she needed to press the shift key and the 1 key at the same time (even though we had told her that multiple times).
When we reset passwords on our systems, they only last for a week. Since this poor lady was simply unable to create a unique password that met the complexity requirements on her own, we created one for her… and loaded a script into our server that would reset her password to that same password once a week – for eternity.