by cf0ed2aa-bdf5
5125 days ago
My (German) bank only allows passwords up to 5 characters. When I ranted about it on Twitter, some IT guy from a local branch commented that that is totally enough since they do an hour lockout after 3 wrong tries. I'm thinking about switching banks now...
o Your German bank may have your password stored in an Utimaco/Sophos Hardware-attack-resistant keysafe, not hanging out in some Linux hash file.
o If they lock you out after 3 tries, and the keyspace is [a-zA-Z0-9] - that's 916,132,832 combinations, and only three attempts to get it right before being locked out.
On the surface, it sounds much less secure, but, depending on their procedures and hardware, it might be significantly more secure than a 9 character password that goes into a hash file that is software accessible.
Of course - better case - is a Hardware key safe that lets me store my 30 character 1Password random password.
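
The comparison made in this reply, worked through as an added example that is not part of the original thread: a model of the 3-tries, one-hour lockout next to the time to exhaust the same keyspace against a software-readable hash. The `Lockout` class, the function names, the one-wrong-try-per-minute arrival rate and `ASSUMED_RATE` are assumptions for illustration, not figures from the bank or the commenters.

```python
from fractions import Fraction

ALPHABET_SIZE = 62   # [a-zA-Z0-9], as in the reply
ASSUMED_RATE = 1e9   # assumed offline guesses per second; not from the thread


def keyspace(length, alphabet=ALPHABET_SIZE):
    """Number of possible passwords of exactly `length` characters."""
    return alphabet ** length


class Lockout:
    """Per-account gate: `max_failures` wrong tries, then locked for `lock_seconds`."""

    def __init__(self, max_failures=3, lock_seconds=3600):
        self.max_failures, self.lock_seconds = max_failures, lock_seconds
        self.failures, self.locked_until = 0, 0

    def record_failure(self, now):
        """True if the wrong try was evaluated, False if refused while locked."""
        if now < self.locked_until:
            return False
        self.failures += 1
        if self.failures >= self.max_failures:
            self.failures, self.locked_until = 0, now + self.lock_seconds
        return True


def admitted_guesses(policy, duration_seconds, step=60):
    """Wrong tries the gate evaluates when one arrives every `step` seconds."""
    return sum(policy.record_failure(t) for t in range(0, duration_seconds, step))


def online_hit_chance(length, guesses):
    """Chance that `guesses` distinct tries include a uniformly random password."""
    return Fraction(min(guesses, keyspace(length)), keyspace(length))


def offline_exhaust_seconds(length, guesses_per_second=ASSUMED_RATE):
    """Time to try every candidate against a software-accessible hash."""
    return keyspace(length) / guesses_per_second


if __name__ == "__main__":
    per_day = admitted_guesses(Lockout(), 24 * 3600)
    print("5-char keyspace:", keyspace(5), "| tries evaluated per day:", per_day)
    print("online hit chance in a year:", float(online_hit_chance(5, per_day * 365)))
    print("offline exhaust, 5 chars (s):", offline_exhaust_seconds(5))
    print("offline exhaust, 9 chars (days):", offline_exhaust_seconds(9) / 86400)
```

The model covers a single account with a uniformly random password; it says nothing about how the bank actually stores or verifies the credential.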