Some months ago I griped that the USPTO’s new Financial Manager system had a much-too-short sixty-day period for forcing users to change passwords. (Fourth bad thing about FM, blog post of June 22, 2016.)
After this, some listserv members reported doing password changes and being told by FM that the next change would be six months in the future. This sounded like good news to me.
I also found, as of a couple of months ago, that when the FM system would force me to change my password, I could simply “change” it to the same password that I was using before.
Now it seems there have been at least two customer-unfriendly steps backwards. The time period for forced expiration of an FM password seems to have been cut back to a mere sixty days again. And the system now refuses to let me enter the same password as before. Indeed someone at the USPTO with too much time on their hands has gone to the trouble of coding this step so that I am denied the ability to use any of the previous twenty-four passwords that I have used before.
Again this makes things less secure, rather than more secure. It guarantees that the user will have no choice but to write the password down and tape it to the computer monitor.
We customers are grown-ups and we can make our own decisions what sort of password we are happy with. (It’s not good that the system imposes unnecessary requirements about the password having to contain a capital letter and lower-case letter and a smiley face and a punctuation mark and a numerical digit, and requiring that it be at least twenty-four characters in length, and so on.)
We can make our own decisions when we want to change our passwords. (It’s not good that the system forces a change every sixty days.)