I always choose a very good password, and I don’t forget my passwords, only which one I used. My passwords contain numbers, upper and lower case letters, and symbols. Every website I’ve ever had to use a password for has allowed me to create a password of my satisfaction, with one exception: banks. I’ve used online banking with two or three banks so far and both times my password has been stunted by either a maximum length requirement (even though the user name can be any length I choose) or doesn’t allow special characters.
What benefit could they possibly be gaining from disallowing me to choose a more secure password? Or maybe it’s just the programmers, but then the question becomes: Why on earth would they hire programmers dumb enough to limit the security of a client’s account? Then again, maybe it’s just me; perhaps I just have really bad choice in banks.
Is this some sort of bank conspiracy to make identity theft and theft of our funds easier? They would certainly have something to gain in the case that they offered some protection. Reminds me of the second Dragonheart movie where the guy gets paid by the townspeople to slay the dragon that is working with him.
I see insecurities like this in various different forms on all sorts of websites. Once I found a bug on a major retail site that let anyone view any and all invoices, which includes the customers’ personal information. I’ve sent e-mails to everyone in these companies I can get a hold of, complained in person, bounced up through the ranks over the phone, etc. All of this in an attempt to help these companies fix their issues and protect their customers’ (which may be you) information. I get the run around and they never fix the bugs.
I see this as a serious problem, and in this case I see absolutely no valid reason for the limitation of a user’s password. Don’t let this one go unfixed! Check if your bank has this issue, and if so, make them fix it!