When I’m expected to change my password every 6 weeks, I want it to be as painless as possible (because let’s face it, my brain power is busy being devoted to having to remember a new password).
It seems harmless to begin with, looking every bit like your standard password reset form*.
But then you get to the two buttons. “Change Password” or “Continue”. In my confusion, I just hit the “Enter” key, which thankfully activates whichever button is supposed to be pressed.
Apparently I did something wrong, because I got this error message: “The credentials entered are not valid. Verify that the password entered for the old password is valid, and try again.”
I thought to myself, “that’s weird, I’m sure I typed in my old password correctly.” I pressed the “Continue” button, went back to the form, typed my old password out in plain text in my browser location bar, copied and pasted it into the password reset form, typed in my new password, hit “Enter” (since I still wasn’t sure which button to press), and… ended up back at this error message again.
After trying a couple more times, it occurred to me that maybe the issue wasn’t with my old password, but rather with my new one. It was a password that I had previously used, and I was hoping to reuse it to control the exponential growth of passwords I have to remember. So I tried a more different password (if you don’t get the pop culture reference there, watch this: Trogdor), and lo and behold it worked.
So when they say “there’s something wrong with your old password,” what they really mean is “there’s something wrong with your new password.”
That makes sense. Bad form, Microsoft, bad form.
*I understand why you have to enter your old password first (in case you’ve left your account open on a computer and some nefarious person comes along and decides to not only play around in your account but also reset your password so you can’t access it), but in the case of MS Web Access, one of the ways to change your password is to check off the “I want to change my password” box as you’re logging in. It takes you right to the change form above. I would think that in a situation like that, you could omit the “old password” field.
Although now having reflected upon it further, I suppose it’s a safeguard against people who have passwords autofilled… the same nefarious person could autofill your password to get in to your account, but they would still be unable to reset your password. I guess that makes it ok.