Here's your password, plus a little extra.
I applied to a university a while ago that's moved all their class listings online. They send you a letter with your username and automatically generated password, which you have to activate and then change. After trying it for a couple of days, I gave in and called their help line. I read the tech my username and password and he immediately knew what the problem was:
"Yeah, sometimes the system generates a password with part of your social security number in it. We're not sure why, but those never work."
Phew! at least it doesn't contain your DNA sequence!
Why did you even consider applying at the WTFU?
Hmmm cant find no links to the WTF university WTFs... oh well..
Are they doing the strong password check.... at login time?
It's one thing to do a password strength check at password-selection time, and checking for SSN fragments is logical there... But at login time? WTF?
on our system we do the strong password check at login, but we don't BLOCK you if you put in the right password and it is not strong, we just redirect you to the password change page and force you to change it.
[quote user="merreborn"]Are they doing the strong password check.... at login time?[/quote]
My first thought was that it was setting the password without the SSN bit, but adding it in when it sends the letter for some reason - maybe a buffer overflow overwriting a string terminator somewhere?