
Digg and Reddit: Please Learn The Difference Between Original Content and Blogspam


It’s 2007. There’s absolutely no excuse for websites today to not allow
special characters in their passwords. Whether you use a memory scheme or
an encrypted database application for generating and storing your
passwords, it’s highly annoying when you come across a site that requires
you to lower your password security standards based on character length or
complexity.

Few things are more annoying than using your regular algorithm for building
a password (one that uses upper, lower, numbers, and special characters)
only to have the site tell you that you need to dumb it down in order for it
to take it. And it’s even worse for those using password programs that
auto-generate extremely long and complex passwords. Having a site tell you
your security is “too good” is simply unacceptable.

So after being bothered by this one too many times I blogged about it and
created a post in the BBR Security forum asking for sites that have this
flaw. Here’s the list we’ve come up with so far:

  • Digg!
  • Suntrust Bank
  • Chase Bank
  • Verizon.net
  • Wells Fargo Bank
  • Sovereign Bank
  • Americanexpress.com
  • BB&T NASA Credit Union
  • Space Coast Credit Union
  • Earthlink
  • Cafepress.com
  • Equifax.com
  • Progressive.com
  • Merrill Lynch

[ Please contact me with additions and corrections/deletions ]

The ones that stand out are the financially-oriented sites, obviously, but
the fact that Digg doesn’t allow special characters just blows my mind
(Reddit does). Surely one can make an argument that passwords are weak
anyway, that password length is the most important issue, and that most
sites have lockout features, etc., but ultimately the arguments for not
implementing this are lame for a simple reason:

The bottom line comes down to this: people should be able to use advanced
memory-based techniques or password applications that generate very long,
complex passwords and have them work everywhere. Sites that force users to
lower their standards should be exposed and asked to modernize.

So if you use one of these sites, do the Internet a favor and contact
customer service and file a complaint. With enough attention I think we can
get at least a few of these to do the right thing.
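An added example, not part of the original post and not any listed site's code: a restrictive acceptance rule of the kind described above next to a permissive one, with the stored hash coming out the same size whatever characters the password contains. The regex, the length bounds, the PBKDF2 work factor and the sample passwords are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import re

MIN_LEN, MAX_LEN = 8, 256   # assumed bounds; the upper one only caps hashing cost
ITERATIONS = 600_000        # assumed PBKDF2 work factor

# Constructed restrictive rule: letters and digits only, 6 to 12 characters.
RESTRICTIVE = re.compile(r"[A-Za-z0-9]{6,12}")

def restrictive_accepts(password: str) -> bool:
    return RESTRICTIVE.fullmatch(password) is not None

def permissive_accepts(password: str) -> bool:
    # Any printable character is allowed; only the length is bounded.
    return MIN_LEN <= len(password) <= MAX_LEN and password.isprintable()

def hash_password(password: str, salt: bytes = b"") -> tuple:
    # The stored value is a salt plus a 32-byte digest regardless of input,
    # so the password's alphabet never reaches storage or a query string.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)  # constant-time comparison

# Constructed samples: a simple password, a mixed-class one,
# and a long one in the style of a password generator.
SAMPLES = ["abc123XYZ", "Tr!cky#Pass_2007", "x9$Lq@7&vR^2mZ*8pW!4nB%6kT(0jH)3"]

def compare() -> list:
    rows = []
    for pw in SAMPLES:
        _, digest = hash_password(pw)
        rows.append((pw, restrictive_accepts(pw), permissive_accepts(pw), len(digest)))
    return rows

if __name__ == "__main__":
    for row in compare():
        print(row)
```

Only the weakest sample passes the restrictive rule, while all three pass the permissive one and hash to the same 32 bytes.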

Published by Gerald Businge