My wife's phone was stolen last week. Though her data is password- (or fingerprint-) protected, and all of her passwords are stored in 1Password behind a strong master password, she still felt more comfortable after changing the passwords for things accessible from her phone.
Since she was doing it, I decided to go through and change some of the passwords I haven't changed in some time. While doing that I found three common ways that websites would inconvenience me.
Just let me delete my account
For a lot of the accounts, the reason the password hasn't been changed sooner is because those accounts just haven't been used in a very long time. For some of them I wasn't even sure what the website was and when I signed up.
For these websites, my preference is to just delete the account, but when looking I found that surprisingly few sites actually let you do that. For these, I removed anything on the profile that relates to me, changed the password to something random, and abandoned the account. There's really no reason to not allow people to delete their account.
I haven't forgotten my password
So many websites just don't let you change your password. Or at least, they don't make it easy. For several websites the only way I could find to change my password was to go to "Forgot my password" and wait for a reset email. Changing your password is such basic functionality for any website with accounts.
Frustrating password policies
The worst is when services put arbitrary restrictions on your password. This screenshot is from Virgin Media. Why in the world would they have a maximum length? And restrict special characters? And require that the first character be a letter?
It suggests that they are probably storing passwords directly, rather than hashing them, which is very worrying if that data is ever compromised. A quick search of Twitter shows that Virgin Media are not the only ones with strange password policies.
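Why hashing removes any need for such restrictions, shown as an added example (not code from this post or from any site mentioned): a salted PBKDF2 hash produces a stored record of the same size whatever the password's length, first character or character set. The function names, sample passwords and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed for this example)
SALT_LEN = 16         # bytes of random salt stored with each hash
HASH_LEN = 32         # bytes of derived key stored per account


def hash_password(password: str) -> bytes:
    """Return salt || derived key. Always SALT_LEN + HASH_LEN bytes."""
    salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=HASH_LEN
    )
    return salt + key


def verify_password(password: str, record: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=HASH_LEN
    )
    return hmac.compare_digest(key, expected)


# Constructed sample passwords: short, symbol-first, very long, non-ASCII.
SAMPLES = [
    "Abc12345",
    "!starts-with-a-symbol",
    "correct horse battery staple " * 8,
    "pässwörd-密码-🔑",
]


def stored_sizes() -> list:
    """Size in bytes of the stored record for each sample password."""
    return [len(hash_password(p)) for p in SAMPLES]


if __name__ == "__main__":
    for pw, size in zip(SAMPLES, stored_sizes()):
        print(f"{len(pw):4d} chars -> {size} bytes stored")
```
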