Did you read about the guy who had his password changed by a bank staff member from “lloyds is pants” to “no, its not”?
I don’t care what kind of account this guy had — shared passwords? Stored in the clear? Visible to bank staff? Password policies that state he can’t make his shared, stored-in-the-clear password for his business banking account longer than six characters, one word?
This is my favorite quote:
“In this case it was a business banking customer using a system where more than one person from a business can check their balance.
“In these cases an advisor can read the full password.
“But if such customers require more complex transactions, then full security procedures apply and advisors cannot read secure information.”
Who wants partial security procedures? Ever? And how could you ever trust what this bank’s idea of a full security procedure is?  I wonder how many customers use the same password for viewing their bank balance as they use for the rest of their activities with the bank? Probably quite a few. Good thing one of the two is protected by full security procedures, eh?
In a previous lifetime I was an IBM VM/XP systems administrator. User accounts were stored in cleartext in a file. My great learning from that?
Family and pets. Most people’s passwords were family and pets. Which I guess might be okay if you put special characters in a pet’s name. (But how much of an ubernerd would that make you??)