My most annoying password difficulty has been with a corporate site that imposes a "three tries and you're out" rule.

If anyone makes three attempts to log in that are unsuccessful, that "account" is locked. The "real" password won't even be accepted when the ask you to enter "old password" to validate assignment of a new password.

The only way to get a new password is by telephone to a number NOT DISPLAYED at any page that tells you they're not gonna let you in.

Accounts are in your "real name" (as deteermoned by them) so I assume that one - or more - of the approximately 28 people (that I know of at the company) who would be "assigned" the same "real name" as mine are attempting to access my account using their password, resulting in lockup of my account. In six months, I made five attempts to login, and had to get a new password EVERY TIME.

On at least two occasions, a "new password" was locked out within 24 hours of being assigned.

I haven't attempted to access that site for about eight years now, and they wonder why, and why I demand that ALL CORRESPONDANCE BE BY SNAIL MAIL ????????

(Fortunately, it's not a very important site: just the benefits and insurance site for my corporate retirement plan ... .)

Like many companies, they did demand new passwords for access to the company network, every 60 days or so for active employees IIRC. You could not re-use recent prior passwords, but they only remembered the last three way back then, I believe, so you could rotate four or five of them to reduce the memory load by only remembering which one you used last (it's a lot of "new passwords" if you've been there almost 40 years). They didn't require "secure" passwords by current standards then either, but may have gotten smarter by now.

John