The Mudcat Café TM
Thread #152449   Message #3565891
Posted By: HuwG
10-Oct-13 - 09:03 PM
Thread Name: BS: You must set new password! *grin*
Subject: RE: BS: You must set new password! *grin*
The last job I had was supposed to be as a software developer, but I was roped into doing most of the Tech. Support work also. The most paradoxical control I ever met was the "Remember password" checkbox. Checking it usually meant that users promptly forgot it. One evening, I had to update some worker's PC (install some operating system patch) and logged in as "administrator" to do so. The next morning, I had barely got my coat off before the phone rang. The worker was on the other end in tears. "I can't log in! It says 'administrator' and the password doesn't work."

Me: "Ah, sorry about that, I had to do some work on your machine last night. Just put your own username and password in."
<pause> Worker: "What are my username and password?"
Me: "Your username is <vapiddolly>. Only you know your password."
Worker: "I've set the username, but the password still doesn't work."
Me: "What password are you using?"
Worker: "The one I've always used."
Me: "And what is that? If you read it out to me, I can try it on the server, see if you have a sticky key or something."
<pause> Worker: "I don't know. I think it wasn't anything. I never used to have to type one in."
Me: "Ah! Because I logged in with a different username last night, the remembered password will have been overwritten. OK, I have temporarily reset your password to 'password', all lowercase, no spaces. The system will prompt you to set a new password when you log in."
Worker: "Can't you set it for me?"
Me: "Yes, what password would you like?"
Worker: "The one I had before."
Me: "Just a minute." <glug, glug, glug. I swallow half a scalding cup of coffee. No, the world still makes no sense> "I don't know your old password. You will have to enter a new one. Minimum eight characters, can be upper or lower case letters or figures, no spaces. Or, if you want to read out your new password to me, I can set it on the server."
Worker: "But how will I remember my new password?"
Me: "Check the 'remember password' box under where you normally put the password. Then the computer will remember it every time you put your username in."
Worker: "But can't you give me back the old password?"
Me: "I don't know it, and in any case I have already reset it to 'password'."
Worker: "But the computer already knows the old one. Can't you, I don't know, open up the computer and look for it?"

In theory, it might have been possible to extract and decrypt a remembered password, not by opening up the computer's case but by getting a hidden system file location from obscure registry settings and reverse engineering the encryption algorithm by typing in several hundred known passwords and comparing the encrypted versions. It was only slightly less complicated and time-consuming to go to <vapiddolly's> desk and talk her through designing and entering a new password.