I’ve seen dozens if not hundreds of articles stating the completely obvious: If you make people change their passwords every 90 days, put in place complexity rules and checks to stop them reusing passwords, and make them change the password on 4 different systems, the end result will be that people will need to write down their passwords somewhere near their computer. So why hasn’t the company I work at gotten that message yet?
It’s bad enough that I have to use the password recovery feature on 2 of those systems because it’s evidently not the one I wrote down, but the wonderful little system I use for generating passwords I can remember doesn’t work if I have to keep changing it.