Bank of America’s Retarded Password Policy

Tuesday, September 18, 2007

Screen shot from Bank of America's site showing their password requirements.

Bank of America requires that your password be only alphanumeric.

Wait. Let me get this straight. You want me to supply a password that consists of only letters and numbers, thereby increasing the likelihood of simple dictionary attacks? And this is “to make sure [my] passcode is sufficiently secure”? Apparently there are “invalid symbols” that I should avoid…to…you know…avoid symbols that are…invalid? What?

Seriously, what kind of complete idiot came up with this policy and how has a national bank with astronomical security needs let it force sheer idiocy onto its users? The requirement should be precisely the opposite: “if you don’t put at least one non-alphanumeric character in your password we will come slap you in the face and steal your keyboard”. We should be encouraging better passwords whenever possible, not practically begging people to use password1.
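To make the argument concrete, here is an added example (not from the post and not Bank of America's code) that models both rules in JavaScript: the letters-and-digits-only policy the post describes, and the reversed policy that requires at least one non-alphanumeric character. The 8-character minimum, the short common-password list and the sample passwords are constructed assumptions; the page does not state the real site's length limits.

```javascript
// Added example, not Bank of America's code: the "alphanumeric only" rule
// described in the post versus a rule that requires a symbol instead.
// The real site's length limit is not given; 8 characters is assumed here.

const ALNUM_ONLY = /^[A-Za-z0-9]+$/;
const HAS_SYMBOL = /[^A-Za-z0-9]/;

// Constructed sample of a leaked-password list; a real dictionary attack
// uses millions of entries, and "password1" is in all of them.
const COMMON = new Set(["password", "password1", "123456", "qwerty", "letmein"]);

// Character classes and their sizes, used for the keyspace estimate.
const CLASSES = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: HAS_SYMBOL, size: 33 }, // printable ASCII punctuation plus space
];

// Upper bound on entropy: length * log2(alphabet actually drawn from).
// Forbidding symbols caps this at log2(62), about 5.95 bits per character.
function keyspaceBits(pw) {
  const alphabet = CLASSES.filter(c => c.re.test(pw)).reduce((n, c) => n + c.size, 0);
  return alphabet === 0 ? 0 : pw.length * Math.log2(alphabet);
}

// The policy the post complains about: any symbol is an "invalid symbol".
function bankPolicyAccepts(pw, minLen = 8) {
  return pw.length >= minLen && ALNUM_ONLY.test(pw);
}

// The policy the post asks for: at least one non-alphanumeric character,
// plus rejection of anything on the common-password list.
function betterPolicyAccepts(pw, minLen = 8) {
  return pw.length >= minLen && HAS_SYMBOL.test(pw) && !COMMON.has(pw.toLowerCase());
}

// Summarise how each policy treats a candidate password.
function evaluate(pw) {
  return {
    bank: bankPolicyAccepts(pw),
    better: betterPolicyAccepts(pw),
    common: COMMON.has(pw.toLowerCase()),
    bits: Number(keyspaceBits(pw).toFixed(1)),
  };
}

// "password1" sails through the bank's rule and is on every wordlist;
// the constructed "Tr0ub4dor&3" is rejected for the one character that helps.
console.log(evaluate("password1"), evaluate("Tr0ub4dor&3"));
```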

I have this Utopian wish that some day bank security will be run by actual security experts rather than completely incompetent businessmen.

written by Brad Fults

Archived at: http://h3h.net/2007/09/bank-of-americas-retarded-password-policy/

5 responses

  1. Bethany

    Yeah, that’s retarded.

    Something else that bothers me: the thumbs-up, thumbs-down icons. If they’re gonna use the image of a right hand for the thumbs-up, they should use the same hand for the thumbs-down. The way they switch from right to left irritates me.

  2. Kristjan

    Good call Bethany, I couldn’t place why that felt weird.

    But hey, at least you pass 3/5 tests without even typing anything.

  3. Keilaron

    What scares me about that policy is that it makes the passwords readable… What I’m thinking is, I sure hope that when you call to get your password, they don’t read it out to you.
    I usually disagree with requiring passwords to be reset rather than given (though I completely understand why this happens, and paradoxically agree with it at the same time), but banking passwords are one thing that shouldn’t be given that way.
    And yeah, letters and numbers only encourages password1, though password1! isn’t far from that.

  4. Keilaron

    On second thought, though… ’s’not as bad as Pizza Pizza.
    “Please enter an alphanumeric password”, it says on the page. It even insists it in the JavaScript alert.
    … but what it actually checks for is numbers only. And after doing that check… it checks for alphanumeric characters.
    Huh?

  5. Subduco

    The Most Ridiculous Password Policies…

    No matter how secure your systems are, everyone knows that the humans are the weakest link in the security chain. So, what can you do to reduce the human-factor risk? Many, many things. But today I’m writing about not enforcing ridiculous password pol…