Password Requirements

I know I’ve ranted about this before, but people who implement password requirements should really be beaten with a clue stick:

That’s me trying to create an account on PhotoBucket. (Just for testing something at work. I prefer Flickr for real stuff.) Seems legitimate enough, right? But what if I wanted to use a dot as part of my password? What if I wanted spaces? Quotes? @#@$^#$& symbols? Why on Earth can’t I?

And don’t even get me started on the maximum password length at American Express of eight characters. No, I didn’t mean to say minimum. Your password can’t exceed 8 characters. For one of the world’s largest financial institutions. Yes, I’ve complained. No, they don’t seem to care.

Really, how does this happen? Minimum restrictions may have some value, but the only way I can think of prohibited characters coming in is if you’re not hashing passwords, or if you deliberately write code to reject certain characters for no good technical reason.

Leave a Reply

Your email address will not be published. Required fields are marked *