“A program has a misleading, wrong or otherwise useless message; and the person on the help desk is clueless. And you are *surprised* ?”

Respectfully, this is not an identity management problem it is basic software design problem. If the website had in an effort to protect you against yourself, politely, informed you that you long standing dictionary based password had been expired and that you should have a cryptographer generate you a new one (then kill the cryptographer – They are currently in season anyway). You would have no problem with it – and we would have a blog entry on something else. Basic software design techniques should have caught this problem that is where your criticism should go.

See you after your next flight.

Pam says: of course you’re right — the only difference is that identity & access management software exists to abstract this functionality away from general software design. Even the simplest portal software can notify you and help you to change your password. To mess up something so very well understood and commodotized is, to me, even dumber than messing up your site’s regular content.