Bullshit IT trick. If they suspect a possible security compromise they'll force this out to everyone. It gets you to change your password without them revealing that they may have been compromised and had data stolen.
Companies like Apple say the password has to have a capital lowercase number and 8+ characters. But leave out that your password can't be something you have used in the last year, can't contain your name, birthday, or email address. Those errors will come up separately. In this case it would say you can't reuse your password. It doesn't say your last password because it wasnt your last password. Some people just don't use the password daily/weekly, so they forget 6 times a year and have to keep resetting it.
Also the number of people forget their passcode because they use face/touch id all all the time is higher than you'd expect apparently. I knew someone who used to complain about it when they did support for them. Essentially people plug their device in every night, use it daily and never turn it off so it always accepts face or touch. Then they leave automatic updates on .. and it restarts for an update and they can't get back into their device because face/touch doesn't work on first boot, it is a subsidiary of the passcode and cannot be set up without the passcode.
Then since they forgot their passcode, they have to wipe everything from the phone to bypass it... But of course they don't know their password so they can't sign back into their account and it is then activation locked because that's how they prevent people from using stolen devices.
Then the extreme cases dude was telling me at that point is they changed their phone number at some point, so they can't reset their password without it, it takes days if not a week to recover the account, all the while their phone is a brick
my favorite is my login for my phone needing me to authenticate i with… the authenticator… on my phone…. which to log into the authenticator…. requires me to verify using the authenticatior…
you call the IT department and i get an AI telling me that all password retrievals are done through the web portal, so it sends the password reset… to my email, accessed by my phone, that needs me to authenticate using the authenticatior…
the real answer it to lie to the AI to talk to a person and ambush them with a password reset and don’t take no for an answer.
i am currently 1 month behind on my required training modules about the importance of network security.
If your talking about a company like Apple, they can't reset your password no matter what, they have no access. It is only controlled by the user unless it is an account recovery which takes days. (Which if a user creates an account recovery key, it takes it completely out of their hands). It's a 28? Digit code that makes it so the password/account can never be recovered without that code and access to the phone number on the account unless there is still a device logged into that account you can change it from. You could have spent $8000 on the account for subscriptions/music/whatever, you won't be able to access it ever again. All purchases lost
from what people told me who's had this happen, even with a lost account recovery key it is possible to recover the account, it's just apple doesn't advertise it.
Basically it's the same account recovery process but they nuke the accounts cloud(which is likely a deal breaker) prior to handing the account over. The issue is you can't start that from a self service portal, it has to be originated from apple support and getting them to actually do it can be a pain because they don't like to for obvious reasons.
also i believe Not having a method of account recovery that allows you to retain goods that was exchanged for monetary value would be concidered fraud so I would expect they are forced to have some way of retaining purchases as long as you can clearly identify yourself as the buyer
It's factual you will lose it. It even says you will have a permanent loss of access to the account if you don't have the information supplied to you to recover it. Basically you signed a contract that you won't lose it and you control it, then you fucked up. Not their problem is what they see it as.
God's, I'd hate to deal with losing my phone number. I have most everything crosslinked where my number isn't the only option, but some I'm sure would still give me a big fat FU to deal with. I have all my passwords to everything correctly saved in my PW manager, at least
There's a special category reserved for the devs that design their apps to invalidate passwords, but not give a message saying the password is invalidated and needs to be changed.
In my experiences that is usually the cause. Them invalidating the password sending an email (or sometimes not). cue me trying the old password, failing, changing the password, and getting that message. /tableflip
Came here to say this.
Pretty sure most of the time the password is expired or invalidated, as you said, but whoever vibe coded the system was too lazy, too dumb, or too terrified of being blamed for the frustration of changing a password, that they think it is better to put ALL the frustration on the user.
Whatever the reason, I fucking hate them.
That's to real to be funny.
2 Real 2 Funnious
I live my life a quarter-smile at a time...
I owe you a ten-second laugh
Is he watching the sunset, or did he throw his computer in the water?
Yes?
I've gotten "New password cannot be the same as the four previous passwords". I live too far from a large body of water to watch the sun rise/set over the horizon and ponder my life.
That one is okay-ish. The one that is going to have me getting in the elevator with my samurai sword to go and have a chat with somebody is "Your password cannot contain any sequence of characters from previous passwords," or "password cannot be your old password backwards."
Sure, just admit to me that you're storing passwords in plain text as carefree as you like.
Password1
Password2
Password3
Password4
Password5
Password1
Aaaaaaaand repeat.
Shuddup, you don't know me!
All I see is *********
At least it's not "Invalid, this password is already taken by user SweetyPie1997"
my bank did this shit to me. I finally tracked down a dev that worked on the software through LinkedIn.
I asked why the fuck does this happen. their response?
When your password expires it will give you a password invalid on login. this is the best way the software can force a password change.
I seriously wanted to hurt the guy, but realized he was just trying to deliver a feature that his boss wouldn't give him the time to fully deliver on.
now, for a moment, just imagine how many other corners were cut when your banking software was written...
This happened to me yesterday. Turned out that the site had a password length limit on the reset-password-form, but not on the login page.
Government sites do this to me more frequently than any other site. The worst part is that I use a password manager so I know for certain it's the correct password.
Some sites have a character limit they don't tell you about. They accept the password when you make it, but they also chopped off the last 10 characters.
Those devs need to go straight to jail. Do not pass Go.
Password is only 8 characters. It's the perfect password!
I only see ********
edit: boo my hilarious joke from 2005 doesn't work
hahaha, you hunter2ing hunter2.
Yes. I tried my best, but failed miserably.
But then again, failing miserably is my best. So in a sense I succeeded as expected.
Task failed successfully
Google, of all companies, limits passwords to just a hundred characters.
When that happens I usually just exit the password reset page without entering a new one and then log in again with the old
Incorrect Password
They invalidate it because they got hacked or they fucked up some other way but they don’t want to admit it, so they don’t tell you about it and they act like the user is wrong.
Seriously.
Fuck the cyber idiots and their "change password" requirements.
Current best practice in cybersecurity is to not arbitrarily ask users to change passwords every x days, so any site doing this are following old guidelines.
Yes, because among other things this annoys users into just writing down their password on a Post-It and sticking it to the bottom of their keyboard or monitor ripe for any passerby to take.
I have explained this to various management types repeatedly over the decades and nobody seems to get it.
Why can't people use a password manager
But also ‘passwords don’t even matter anymore. They don’t keep you safe. Get an MFA’ And yet it has to be changed every 3 months with complicated instructions on characters
my bank blocks the ability to copy and paste passwords into the password change form.
want to have a 128 character alphanumeric password with multiple special characters? you're going yo type it allllll in, twice.
oh, you have @%:;}°¥¢ characters in your password? we only allow !?+-(). now do it again.
hey, we noticed your password has too many repeating characters. repeating characters: 88 now do it again.
hey, your password must start with a letter.
hey, can't be an uppercase letter.
hey, can't end with 0
God the college I went to had you change your password once a semester, so twice a year. But the password couldn't be the same as any of your last six passwords. What the fuck are you expecting from me?
What the fuck are you expecting from me?
PasswordSpring2026!
Comic Strips is a community for those who love comic stories.
😇 Be Nice!
🏘️ Community Standards
🧬 Keep it Real
📽️ Credit Where Credit is Due
📋 Post Formatting
📬 Post Frequency/SPAM
🏴☠️ Internationalization (i18n)
Sí, por favor [Spanish/Español]🍿 Moderation
The following artists are banned from the community.
It should be noted that when you make reports, it is your responsibility to provide rational reasoning why something should be removed. Saying it simply breaks community rules is not always good enough.
Note: This is not a rule, but a helpful suggestion.
When posting images, you should strive to add alt-text for screen readers to use to describe the image you're posting:
Another helpful thing to do is to provide a transcription of the text in your images, as well as brief descriptions of what's going on. (example)