We all have accounts all over. Every website we have account with wants us to have a unique password. The IT department at the place I worked before wants employees to change password every 2 months, cannot repeat last 24 password and have crazy rules about what can and cannot be in password (at least one digit, at least one symbol, at least one lowercase, at least one uppercase, at least 8 characters). This is totally counterproductive as people are very likely to put the password of the month down or use a simple scheme, like 1+Q+SHIFT-2+SHIFT-W+3+E+SHIFT4+SHIFT-R first month, then moving onto the next on the keyboard next month. Security is in the tubes.
An unnamed online financial institution does not allow me access to the account and when I log in, they want me to change my password because of the security advisory. However, their very T&C state very clearly that user is solely responsible for the security of their account. This is a paid service. Do they have any right to block access to the account because they "feel" the password should be changed?
Maybe next time they decide that for security purposes I'd have to send them naked picture of my wife. Or how about making customers to make 20 push-ups before taking money out of ATM, that would be healthy ...
Little off topic, I am glad eBay does not have stupid policies like that yet.
