Here's a practice I see often. Some vendor sets up access and they choose a user name for you. So, to these folks, I am MRubenzahl428. That is not what my mother meant to name me. Please let users choose their own user name.
Then they give you a password. Which is 4vu6$tr2. To be fair, they require me to change the password. But the login is forever. You may call me Mr. 428. "I worked so hard to get that title, so I’d appreciate it, thank you.”
So: Of all the logins I have, guess which ones are on a Post-It on my monitor? Nice security, guys.
Not done yet, one more kvetch. They send an e-mail message:
Welcome to Dolts.com. Here is your Dolts login and password:
Login ID: MRubenzahl428
What? They sent my login and password in a single e-mail. They even labeled them. Don't they know e-mail is transmitted as unencrypted text?