Because sysadmin is too damn lazy to just tell you they want you to change your password.
Reminds me of yesterday when I played Uno on the Switch against the AI. Blue was the color. One bot had to keep picking up cards until they could play. Finally they picked up a switch-color card.
They picked blue.
😐
I like it when they tell you the old one expired, that’s why it doesn’t work. Why is it so hard for some sites to tell me!
My somewhat educated conspiracy theory is that companies do this when they know their user data has been stolen, but they don’t want to go public with the breach.
Just quietly invalidate everyone’s password so everyone is forced to update them, making the stolen data useless.
This happened to me recently, it was actually a password policy change. My old password didn’t have all the required types of characters.
So it was saved in plaintext?
Your own fault for not encrypting it before you type it in 🧠
Not a conspiracy. Sysadmins have admitted to doing this all over the internet.
Bonus when you’re using a password manager so it’s guaranteed to be correct since you’ve filled it with that for years.
Hulu and Disney+ did this a few years back. I was constantly forced to change the passwords. They denied it when I called, but someone at the call center caved when I told them it was the only way I was getting off the phone, they even comped me 3 months of billing. If you have time, stay kind and be persistent and you can wear most people down.
It’s because it keeps track of either all previous passwords or like a certain amount back. So you definitely used that one at some point, it just wasn’t the one you used now.
I got stuck an utterly embarrassing amount of hours on this the other day because I recently changed my password but managed to set it with a typo.
I know it is correct, I wrote it down in my password manager, what the heck is going on, have I bern hacked? Do I have extremely specific disk corruption?
At the end I was wondering if the password algorithm was hitting some dodgy hardware (ram, rdseed32…) and just sat numbly and entered the password over and over again to see if it behaved differently. …and on one of those attempts I managed to do the same typo and the mystery was solved.
Protip: Change your password in the manager first, then copy from there to the form. Your password manager should handle your passwords for you; there’s no reason why that shouldn’t apply when you first set them.
I generally try to keep to a policy where system passwords and the password manager’s master password are the only passwords I ever enter manually. All other passwords are generated and saved in the manager and then copied over.
That works pretty well if the website doesn’t misguidedly disable pasting into one of the password fields. Even then I try to paste into the other one.
Good tip! Usually do that, but this was full disk encryption, which I have to enter in the terminal and not on anything the password manager integrates with. I could still have gone through typing it on screen and copy/pasting it, though.
The recommended way, which I am sure to follow next time, is to wait a few days to remove the old password. (Full disk encryption can have any number of passwords added.)
And remember Gmail.
bern
A clue!




