Bullshit IT trick. If they suspect a possible security compromise they’ll force this out to everyone. It gets you to change your password without them revealing that they may have been compromised and had data stolen.

Companies like Apple say the password has to have a capital lowercase number and 8+ characters. But leave out that your password can’t be something you have used in the last year, can’t contain your name, birthday, or email address. Those errors will come up separately. In this case it would say you can’t reuse your password. It doesn’t say your last password because it wasnt your last password. Some people just don’t use the password daily/weekly, so they forget 6 times a year and have to keep resetting it.

Also the number of people forget their passcode because they use face/touch id all all the time is higher than you’d expect apparently. I knew someone who used to complain about it when they did support for them. Essentially people plug their device in every night, use it daily and never turn it off so it always accepts face or touch. Then they leave automatic updates on … and it restarts for an update and they can’t get back into their device because face/touch doesn’t work on first boot, it is a subsidiary of the passcode and cannot be set up without the passcode.

Then since they forgot their passcode, they have to wipe everything from the phone to bypass it… But of course they don’t know their password so they can’t sign back into their account and it is then activation locked because that’s how they prevent people from using stolen devices.

Then the extreme cases dude was telling me at that point is they changed their phone number at some point, so they can’t reset their password without it, it takes days if not a week to recover the account, all the while their phone is a brick

my favorite is my login for my phone needing me to authenticate i with… the authenticator… on my phone…. which to log into the authenticator…. requires me to verify using the authenticatior…

you call the IT department and i get an AI telling me that all password retrievals are done through the web portal, so it sends the password reset… to my email, accessed by my phone, that needs me to authenticate using the authenticatior…

the real answer it to lie to the AI to talk to a person and ambush them with a password reset and don’t take no for an answer.

i am currently 1 month behind on my required training modules about the importance of network security.

If your talking about a company like Apple, they can’t reset your password no matter what, they have no access. It is only controlled by the user unless it is an account recovery which takes days. (Which if a user creates an account recovery key, it takes it completely out of their hands). It’s a 28? Digit code that makes it so the password/account can never be recovered without that code and access to the phone number on the account unless there is still a device logged into that account you can change it from. You could have spent $8000 on the account for subscriptions/music/whatever, you won’t be able to access it ever again. All purchases lost