My favorite one was when I supported a customer who expired our passwords every 60 days, and resetting it involved calling Sweden (from the US) between roughly 10:30pm and 7am Pacific. Needless to say, of the 40 or so people who should have been doing this, few of them were.
And that was just one of a dozen or two customers with varied policies requiring we turn over SSNs, carry SecurID tokens, install various soft tokens on our laptops, roll passwords every so often, go through various and sundry jump hosts, etc......
And that was just one of a dozen or two customers with varied policies requiring we turn over SSNs, carry SecurID tokens, install various soft tokens on our laptops, roll passwords every so often, go through various and sundry jump hosts, etc......