dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
34

redxii
Mod
join:2001-02-26
Michigan

1 recommendation

redxii to NoHereNoMo

Mod

to NoHereNoMo

Re: P@$$1234: the end of strong password-only security

I sort of do the same thing, but most of the important websites I use (bank, insurance, etc; they are big names everyone knows) impose asinine limitations, such as low max character limits around 12 and unable to use special characters.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

said by redxii:

I sort of do the same thing, but most of the important websites I use (bank, insurance, etc; they are big names everyone knows) impose asinine limitations, such as low max character limits around 12 and unable to use special characters.

That goes right back to the password lockout policy.
That needs to be factored into the relative strength of a password at a practical or real world level.
I'm not aware of any financial site that doesn't utilize an account lockout policy.
Take a financial site that doesn't have one in place add a script, a dictionary, & that complex password is a lot less secure than a simple eight character password protected by a lockout policy.

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·Carry Telecom
·TekSavvy Cable
Asus GT-AX11000
Technicolor TC4400

Dustyn to redxii

Premium Member

to redxii
said by redxii:

I sort of do the same thing, but most of the important websites I use (bank, insurance, etc; they are big names everyone knows) impose asinine limitations, such as low max character limits around 12 and unable to use special characters.

TD Canada Trust is even worse. 8 characters max, one must be a digit.