Missing the point

[lionofgod]

Why the @#($*& is it the *financial* institutions that have "secure password" policies that max out at 8 characters and are alphanumeric only? I don't *have* any 6-8 character alphanumeric only passwords, because they're *insecure*. Idiots

Comments

[gmpe]

This is why one of my (as yet undone) estate planning tasks is to come up with a list of username/password for all our online stuff. (I do all the banking, etc. online and currently many of those are just in my head.)

I did have one company improve their questions to provide more options so that I could at least pick questions with a definite answer. (Favorite color doesn't have a reliable answer from me, for example.)

[topologist]

The point of a secure password system is to have a secure password system, not to have a password system that is secure. Security people do not necessarily have control or authority over companies' security policies.

[justinjs]

Half of the airlines and banks don't even know how to handle a last name with a hyphen in it. Fail long before you even get to a password. You're talking about the advanced stuff.

(not that all of that doesn't annoy me too -- most password policies are ridiculous)