I'll preface this by saying that at the hospital they are finally getting around to requiring secure passwords which require that the password have at least 3 out of 4 of the following... Upper case letter, lower case letter, number and/or special character. It's pretty standard stuff for most places but the hospital only now decided it would be a good idea to have secure passwords.

It's about 6:30am and I'm finishing up some work when I hear the morning shift guy talking to a customer about changing their password. The morning shift guy, we'll call him BB, is talking to a customer and the conversation went something like this

BB: Ok, I need the last four of your SSN

Cust: 1234

BB: Good, I've reset your password to MonkeyFootball123

Cust: It's not working

BB: Are you trying to log into the WOW or into EPIC?

Cust: EPIC

BB: Ok, that's why. Log out of Windows and log back in

Cust: Ok, it's prompting me to change the password

BB: Great. Put in a new password and you'll be all set.

Cust: It's not accepting my new password

BB: Make sure you're not using a password you've used in the past 10 months

Cust: It's still not accepting my new password

BB: What's the password you're trying to use?

I will point out that I don't ever ask a customer what password they're trying to use, simply because I don't want to know what their password is.

Cust: Sammy1984

BB: That should work. Come on down and we'll see if we can fix this for you

So I've only heard BB's side of the conversation so I ask BB what the deal is. He says that the customer is trying to set a password to Sammy1984 and it's not working. I ask the obvious question

Pavix: Is the customer's name Sammy?

BB: Yep

facepalm

Pavix: You can't use the persons name as part of the password

BB: Why not?

Pavix: Seriously? Why not?? Because it's easily guessable.

BB: That's ridiculous

Pavix: No, that's called basic password security.