One of the largest banks in Australia (Westpac) used to require passwords to be exactly 6 characters (no more, no less) and they were case insensitive. It also had a fun ‘denial of service’ attack built-in: If you got it wrong three times, it’d lock the account and force you to go to the bank to unlock it, meaning anyone that knew your bank username could lock you out of your account and cause some pretty big headaches. Fun.
In fact, I’m not sur whether they ever fixed this. Haven’t used their services in a long time.
My employer software has us log in with just our password, no username. I don’t know exactly what’s going on in the backend but I know I don’t like it.
The highly regarded password policy of my last employer was one of the many things that pushed me over the edge and made me leave for greener pastures. I had to manage something like 9 different passwords, with the main one having changed to 16 chars min with all of the usual number/symbol/CAP requirements.
We have the worst password policy I’ve ever dealt with at my current employer.
Create a new account every time?
Change password every day, and the required password length and complexity increases each time you change your password.
Password game irl
Bitwarden has a password generator that you can set criteria for, been really helpful with one of my janky logins
Are you sure you’re not working for a scam call center?
(Piped)
My bank has, for being a bank, very very bad character support. Best thing is, I’m basically gonna work for that bank.
For years my bank only allowed numerical passwords. The maximum length was 8.
They changed it somewhat recently.
But they had a strict lockout policy, right? Right?
me when my bank is less secure than a fucking door lock
One of the largest banks in Australia (Westpac) used to require passwords to be exactly 6 characters (no more, no less) and they were case insensitive. It also had a fun ‘denial of service’ attack built-in: If you got it wrong three times, it’d lock the account and force you to go to the bank to unlock it, meaning anyone that knew your bank username could lock you out of your account and cause some pretty big headaches. Fun.
In fact, I’m not sur whether they ever fixed this. Haven’t used their services in a long time.
My employer software has us log in with just our password, no username. I don’t know exactly what’s going on in the backend but I know I don’t like it.
The highly regarded password policy of my last employer was one of the many things that pushed me over the edge and made me leave for greener pastures. I had to manage something like 9 different passwords, with the main one having changed to 16 chars min with all of the usual number/symbol/CAP requirements.