I guess this is thread drift time.
I hate passwords. Why do they make them so hard to remember that you have to write them down. Who is going to write each password down on a different sheet of paper and hide all that paper in different places? The alternative is to write them all down on a single sheet and pray to whatever God you believe in that nobody untrustworthy finds it.
My solution is to create different passwords for each site and write down clues to help me remember the password.
Facial recognition makes it easier, but what if a mugger steals your phone and points it at your face.
The touch pad recognition is a little better, until that mugger cuts off your finger and takes it with him.
Perhaps a cloud based password manager might be the answer, if someone can promise me that nobody will ever be able to hack the password cloud.
The point is Rich, have a little sympathy for those of us that are password challenged. At least when you call them an idiot, say it politely.
Except that I called the password-forgetters "jokers," not "idiots." The ones I called "idiots" were the ones who go into cPanel or Webmail, turn the spam-filtering off, and then call me to complain that they're being barraged with spam. In other words, more to Bruce's point, they call me and yell at me, often at bizarre times, to solve a problem that even they admit they caused themselves.
Sometimes these people turn off the spam-filtering because one of their correspondents got themselves on a spam list and that correspondent's mail was being blocked, which is a legitimate problem. The thing is that in the same place where they can turn the spam-filtering off, there is an option to whitelist specific addresses, or even entire domains.
There also exists an option to keep the filtering enabled but disable auto-deletion; so they'll still get the mail, but it will be marked as spam. It doesn't exactly require an Einstein-level IQ to figure it out:
So I have little patience for users who call to complain about being barraged with spam because they themselves turned off the spam-filtering, and are too lazy or stupid to either turn it back on or otherwise fix the problem by using one of the options available to them in the same GUI panel in which they turned it off in the first place.
I recently decided to force the spam filtering and remove the ability of users to disable it. We'll see how that goes.
The password-forgetters, on the other hand, are more jokers than idiots. I don't include in this group those who call for a reset every four or five years when they replace a computer and don't remember the password. I'm talking about the ones who call once or twice a month. They're jokers because they never think to save the passwords in a safe or to use a password manager. But they're not idiots because at least they're being proactive about password security.
I also bear part of the blame because I have password recovery disabled for security reasons. There have been times when that's been exploited, so I keep it turned off. But I rethink that decision every time a joker calls me with a password-reset request.
On a more practical note and in the interest of furthering thread drift, here's one reasonably safe formula that you can use to keep track of passwords and that requires only one variable to be saved: The most recent date you changed the password. That can be the date you opened an account or the last time you changed the password. Those dates can be saved in a text file and no one else will know the significance, yet the passwords will meet almost all complexity requirements.
{Year of most recent change} + {Some word of significance to you, like your first pet's name, with the second letter capitalized } + {Month and date of most recent change} + {A special character that you will always use}
So if you choose your first pet's name and a ! as the variables, and you changed your POA password today, the password might be:
2019rOver0312!
and the text entry would be
POA 3/12/19
Save the password date change file in an encrypted ZIP file on on your computer and on a flash drive every time you change an entry, hang the flash drive on your key chain, and use a decent password manager for regular use. Even if someone stole the flash drive and managed to crack the ZIP file, all they would have would be a list of dates.
Rich
