One negative for Farnell in January, based on the email I've received from them. It is going to be a pain; it doesn't fit into my normal password schemes, so either I'll forget the new password or I'll have to write it down.
During January 2018 we will provide additional security features relating to your online account.
We will also be amending the way in which password resets are requested to ensure that the new
process follows accepted security best practices. When selecting your new password you will need to
ensure that it is at least 8 characters long and includes 1 capital letter, 1 numeric and 1 special
character. You can, of course, change your password at any time should you wish.
To help you prepare for this, we have also noted below some good rules around password choices:
Always Make them strong and change them regularly
Keep them a secret
Use a different password for every account you have
Use a mix of letters, numbers and special characters
Never Write them down
Share them with anyone
Use passwords that are easy to guess
Now I really don't care about whether their password reset procedures follows "best security practices", but their password requirements sure as hell don't follow the advice from experienced security professionals.
There's an old security adage: "passwords aren't there to protect you, they are there to protect the company - by providing plausible deniability". So, what's caused Farnell to think it is worth annoying me in this way?