by criddell 3654 days ago
I complained to my bank that their 12 character password limit suggests they are storing passwords. Their reply was little more than don't worry about it, you aren't responsible for fraud. I asked for them to add some kind of second factor authentication (I'm a fan of TOTP systems) and was told they are thinking about making that available for their business accounts.

It bothers me that my most valuable login is probably my weakest.

1 comments

I'm glad they fixed this, but until relatively recently (last year), Charles Schwab had the following password requirements:

* between 6 and 8 characters

* alphanumeric

* no symbols

* case-insensitive

[1] is a nice writeup of exactly how broken this was until they changed it recently.

[1] - http://www.jeremytunnell.com/posts/swab-password-policies-an...