At my company, you have to answer your secret questions over the phone whenever you call the helpdesk in order to verify your identity. And if you put some bullshit in there, they will make you fix it.
Seriously, and IT people wonder why everyone hates them. Maybe if you didn't act like an arrogant prick all the time with regards to IT policies that don't remotely reflect objective reality, people wouldn't give you so much shit all the time. At work, I have six different passwords. One to actually log into the computer, one to log into Citrix Desktop, one for Antrim, one for Co-Path, one to look at/print out my pay stub, and a sixth one I forget because I never use the application. According to policy, all these passwords must be different, and all must be at least 12 characters consisting of mixed case and symbols. They must be changed at different intervals ranging from 90 days to six months, and no new password can be substantially similar to the previous password. Also, according to policy, we must memorize all these passwords and never write them down anywhere, and they have security occasionally check for people putting passwords on post-its and leaving them on the computers. The system also tracks your "access pattern" and will lock you out if it detects something abnormal, I have no idea how this shit is programmed but I get locked out at least once per quarter. When I get locked out, I of course have to call the helpdesk and go through their stupid troubleshooting script even though I have the error code in front of me and they of course have the ability to check to see if my account is actually locked as I claim. No, we need to restart the computer and check all the connections first before we'll help you.
Healthcare IT can die in a goddamn fire.