Broadband Tech > Security > Security > Sites That Don't Allow Special Characters In Passwords !?!

Sites That Don't Allow Special Characters In Passwords !?!

•Digg.com
•Suntrust Bank
•Chase Bank

Re: Big Sites That Don't Allow Complex Passwords !?!

reply to Daniel
I think you're missing the point here. These sites DON'T ALLOW special characters in their passwords. If you try and use punctuation or a "$" or anything like that, they'll balk.

They only allow letters and numbers. It's just bad form.
--
dmiessler.com -- grep understanding knowledge

reply to Daniel
My ISP here in Britain doesn't permit special characters in passwords : They are being pressured to change though

reply to Daniel
Chase has that new double security that is so irritating. I now have to call them every month and get them to issue a special code to use because I flush their cookies after each visit. Chase wants me to keep the special identifier cookie they now have and since I don't their site declares my machine as having never accessed my accounts there before...hence the phone call I must make now every month. I then have to wait for the email after speaking to a representative and having him authorize a special code. Then after I get the email, I have to go to their site from the email link and put in the special authorization code and then finally get into my accounts. It is so irritating that I see little reason to use internet banking now. I would probably save more time mailing the check at the Post Office. My one concern there is that I had the USPS lose a check once for three weeks and Chase would not rescind the penalty when the check didn't reach them in time and I didn't know because I wasn't doing internet banking back then. That is why I started doing internet banking. But I find it less and less appealing. I probably will just start doing automatic electronic deduction with Chase. I never use my local banks websites as I can go in those banks. I guess I should have never gotten credit cards with banks outside my home town.

Why do you think Chase needs complex passwords when it has this new double security thing? Besides, if anyone tries to hack your password after three failed attempts Chase locks the account and even you cannot get into your own account. I had that happen not long ago. I had to call Chase and answer a bunch of questions and then they told me that someone had tried to hack the account and they were surprised that hadn't happened to me before as it was quite common but the would be hackers only get three attempts so I really don't see why you are so worried.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.msfirefox.com/

reply to Daniel
I'm not sure why you see this as a problem.

These days if I want a new web site password, I generate a random bit string of suitable length and then encode that in base64, Finally, I delete the '+' and '/' chars from the result for sites that won't allow those. Oh, yes, I do record the password in an encrypted file.

There is a problem with special characters - some of them are differently encoded depending on the national character set you are using. There is a point to avoiding all characters where there is some potential ambiguity as to how they will be encoded.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10

reply to Daniel
To get back to Daniel's question:

Sovereign Bank

reply to BlitzenZeus

reply to Daniel
Amex.com aka AmericanExpress.com

6 to 8 characters letters and numbers only not case sentstive.

That scares me since i have a 50k plat buisness credit not charge card with them. ( OPEN FOR BUSINESS credit card )

not to be confused with my Gold Amex Charge card .

reply to Daniel
Unless they have changed during the last year here are two more to add:

BB&T
NASA Credit Union

If they have changed let me know.

I might add that I am totally impressed with PayPal and eBay for implementing the VeriSign ID Protection - more financial institutions should take this service into consideration.

reply to Daniel
Not totally related to your question, but is related, how about companies that give you a username and you can't change it.

For example, my bank, a credit union, my username is my account number.

And the worst offender, AARP IRA/Mutual Funds, username is your SS#. That's scary.
--
[[Your signature here]]

reply to nwrickert

reply to Daniel
What is really scary is someone who would use their SS# as a login. It's really stunning how the average American can justify their stupidity.

reply to Daniel
Space Coast Credit Union (in East Central Florida) doesn't allow complex passwords.

Neither does Earthlink.

reply to Daniel

reply to Daniel
You can add Wells Fargo to the list of offenders.

reply to Daniel
You CAN make a strong password with a-z (any type) and numbers - in factg - you could use a random jumble of letters (cap/no cap) and numbers and be VERY strong indeed.

reply to Daniel
I've had some success by writing to webmasters and suggesting that they might change the coding and allow the special characters to be used. I've also gotten form letters back from other sites saying their program doesn't allow for this. Some answer . My answer is simple. If I really want to log in to the site, I make them send me my password. Then I change it. Every time.
--
Catmoves

reply to Daniel