
I blame Microsoft for most of the password policies my company implemented years ago and won't change. Mandatory password changes included.

While on my soapbox, I'd like to tell them that it's really dumb to count multiple attempts of the same password individually and then lock you out after you attempt the same password three times. And your most recent password should count as zero attempts. These kinds of dumb policies only hurt legitimate users and do nothing to improve actual security.


