Skip to content

Why is it so difficult to change your iSolutions password?

Thu 13th December 2012

There was a magical hiatus of about 3 months where we didn’t have to change our password on our University of Southampton iSolutions account. Life was peaceful, productivity increased and there were less incidences of people randomly punching the wall.

Now the 6-monthly-change-your-password dance is back, and because I didn’t see it coming (i.e. the repeating reminder in my calendar is 3 months out – thanks iSolutions), my password has now expired and I cannot even log into the password changing application with my old password.

Here I will document the rigmarole that you must go through to change a password that has expired.


To get in, you have to pretend that you have forgotten your password. Which you haven’t, it has expired. The front page doesn’t say this anywhere, and the link to “Forgotten your Password” is pretty tiny.


This makes you jump through the hoops of answering:

  • University ID number
  • Surname
  • Date of birth

Seems reasonable, though nothing you couldn’t find out from Facebook, given SUSU makes societies collect ID numbers so can be harvested from any University group during November.

Then you agree to the terms and conditions of use, then you have a security question. Fortunately these are fact based and not subjective!


The next bit is that it randomly generates a new password, and puts it helpfully in a drop down box. I guess this is to stop shoulder surfers who can immediately memorise 8 random characters, or trojans scraping your screen. However, it also serves to make it difficult to copy and paste (of course you can View Source… or Inspect Element to get at it), so I guess most people write it down, making it easier for that shoulder surfer again.

The great thing is that you have to write down or copy and paste this temporary password so that you can navigate back to the login screen, so you can get in to change your password. Why so many steps? Let me change it NOW!


Then to change your password, you have to login using HTTP AUTH, instead of an on-page login form. Feels a bit jarring.

And finally to the password rules. Personally I don’t think this is secure information, but I have no doubt I would get in some sort of trouble for posting the exact details. Inevitably it requires a mix of everything, but is limited to 14 characters, to make sure it’s not too secure. Also, you can’t reuse an old one, obviously (there’d be no point in making you change it)!

And there we have it. Another 15 minutes of my life wasted in trying to change my password.

Update 14 December 2012

The final kick in the teeth is that I’ve gone back to change my student password (yesterday was my staff account), and for some reason the session is still being maintained, so I am still logged in as my staff account, with no way of logging out! Until I clear my cookies or switch browser, I am only allowed to change my staff password 🙂

  1. adam1warren permalink

    Which is why you need a system, whereby the new password is a predictable variant of the old one. For example, in the old MyView system I just used to add an extra ! to my password each time it was reset, until eventually it became 1hateMyView!!!!
    Note the masterful substitution of a 1 for that initial I and the cunning mix of upper and lower case with symbols, as required by the rules. All I needed to remember was how many explanation marks to put at the end. As you can see, I got it wrong three times before they changed the system 😉

Trackbacks & Pingbacks

  1. Recommended article: rethinking passwords « Clare Hooper's Blog

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: