This is a collection of thoughts and statements about things that annoy me. I am a big, angry man. Hear me roar, or piss off and give me peace.

Sunday, October 29, 2006

The illusion of security

Having just logged in to check the balance of one of my credit cards, I was confronted with this abomination as I was forced to change my username and password for the site:

Password Rules
• Your password is case sensitive.
• Your password must be between 8 and 20 characters.
• You can use letters, numbers, dots [.] or dashes [-].
• Your password must contain at least one letter and one number.
• If there is only one number, it must not be at the beginning or the end of your password.
• You must not have more than two of the same characters in a row.
• Your password must be different from your user name.

So, in other words, a couple of passwords I have used elsewhere, and *are secure* cannot be used here, since they only allow dots and dashes, rather than a sensible ASCII character set...

Who the fuck are the idiots who set this up? There are going to be people all over the nation writing down their internet banking passwords because of utterly stupid policies like this. Make the passwords have one of a letter, a number and a symbol, be >= 6 characters (8 ideally) and run it against a dictionary when set, to avoid dictionary words from stupid people. That's a fairly basic UNIX like password policy, and one which isn't totally fucking stupid.

Suffice to say, I am about to pay off the card, and cancel it. Bastards.

No comments: