During my time on the job, being online has increasingly become a part of being in school. The district in which I teach installed a single sign-on (SSO) service a few years ago, enabling access to frequently used software -- now cloud-based -- from one portal. That means, at its best, juggling a smaller number of passwords; not quite 'one password to rule them all' for school doings, but it's close. Of course, that puts a little extra pressure on getting right the SSO password itself.
In its first iteration, the system bolstered security by forcing a password change every 90 days. This year's version added dual verification, requiring users enter a numeric code sent by phone at least once every 30 days in order to confirm legitimate credentialing. That extra layer of protection extends the password's three-month lifespan to a full year. "Big win," I figured, shedding 4+ password changes per year.
My password's birthday rolled around this week, and I dutifully change is as prompted. No problem, right? Except, in the days since, out of well-oiled habit, I've entered my old and now invalid password more times than I can count, which has me weighing the trade-offs of familiarity versus flexibility. I mean, it feels like I'd only recently gotten accustomed to writing down 2022 reliably. (And I hear the clocks are coming for me next, this weekend...)