There’s very little not to like about Target, but I just found one thing–their RedCard online account password policy:
Please Note: User name and passwords cannot be the same. Your user name must be 6-20 characters long and cannot include special characters or spaces. We recommend that you use at least one alpha character and one number. Your Password must contain at least one number and one alpha character, must be 6-20 characters, and it cannot be the same as your past 6 passwords.
Cannot be the same as your past 6 passwords??? What the heck am I supposed to do? What do they think, that I have a little black book with my 874 various internet passwords? No, I have a base password that I modify based on the website. And whenever some website’s security nuts put in place some extra-special password protection rule, it really screws with my ability to remember my password, which increases the likelihood that I’ll have to write it down or put it in a spreadsheet, which increases the chance that my password is not security.
Note to self: Your Target RedCard password now uses your super-secret algorithm to the third-degree. Remember that so you don’t have to spend another 15 minutes of your life on the phone with Target RedCard support trying to get your account unlocked.
um…you could do what most lazy IT nerds do. take whatever alphanumeric password you use, and whenever it expires just add 1 to it. for example, if your password was illforgetthis1, just change it to illforgetthis2, illforgetthis3, illforgetthis4, etc.
that way, you’ve still got one “base” password, just a number to fiddle about with.
of course, publishing this secret probably makes me prone to people trying to nick my password now.
Ditto