Are You Kidding Me! These Guys Should Know Better

If you do any online business at all, you know about the importance of having strong passwords to protect your accounts. Some of the top minds in the security industry now suggest you actually use a pass phrase, meaning a really long password composed of multiple parts. And to make it super strong, the pass phrase should include a combination of numbers, upper and lower case letters AND special characters (e.g., @, $).

It’s simple mathematics really: the longer and more complex the password, the longer it takes to hack, and most hackers want fast results, not slow tedious results.

Trick question: who would you think has the strongest password policies on the Internet? I bet you said banks (or other financial fiduciaries). You would think that firms that have the most to protect–gobs and gobs of money–would have the best, most stringent password policies on the Internet. And you would be dead wrong.

Here is just a sampling of some of the password policy limitations of some well known organizations:

Chase: cannot include special characters.

Chase Password Policy

Union Bank: cannot include special characters.

Union Bank Password Policy

Vanguard Mutual Funds: a maximum of 10 characters–are you kidding me.

Vanguard Password Policy

American Funds: passwords are not case sensitive–are you kidding me.

American Funds Password Policy

SIT Mutual Funds: a maximum of 10 characters.

SIT Password Policy

And just so you don’t think this is limited to just the financial industry, I present…

Verizon Wireless: no special characters.

Verizon Wireless

I could go on but you get the point. How long has the commercial Internet been around? Thirty years. I just find this all too perplexing for words (and yet I managed to blog about it).
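
The "simple mathematics" behind the restrictions listed above, worked through as an added example that is not part of the original post. The 8-to-20-character baseline and the printable-ASCII alphabet are assumptions; the post names only one restriction per organization, so each is applied alone to that baseline.

```python
import math
import string

# Alphabet sizes for printable ASCII (assumption: sites accept ASCII only).
LOWER, UPPER, DIGITS = 26, 26, 10
SPECIAL = len(string.punctuation)  # 32 symbols such as @ and $

# Assumed baseline policy; the post does not state one.
BASE_MIN_LEN, BASE_MAX_LEN = 8, 20


def alphabet_size(case_sensitive=True, specials=True):
    """Number of distinct symbols a password may draw from."""
    size = LOWER + DIGITS
    if case_sensitive:
        size += UPPER
    if specials:
        size += SPECIAL
    return size


def keyspace_bits(max_len=BASE_MAX_LEN, min_len=BASE_MIN_LEN,
                  case_sensitive=True, specials=True):
    """log2 of the count of all passwords with min_len <= length <= max_len."""
    n = alphabet_size(case_sensitive, specials)
    return math.log2(sum(n ** k for k in range(min_len, max_len + 1)))


def bits_lost(**restriction):
    """Search-space reduction, in bits, caused by one restriction."""
    return keyspace_bits() - keyspace_bits(**restriction)


# Restrictions named in the post, each applied alone to the baseline.
RESTRICTIONS = {
    "no special characters": {"specials": False},
    "maximum of 10 characters": {"max_len": 10},
    "not case sensitive": {"case_sensitive": False},
}

if __name__ == "__main__":
    print(f"baseline: {keyspace_bits():.1f} bits")
    for name, r in RESTRICTIONS.items():
        # Each lost bit halves the work of an exhaustive guessing attack.
        print(f"{name}: {keyspace_bits(**r):.1f} bits "
              f"({bits_lost(**r):.1f} lost)")
```

These figures are upper bounds that hold only for uniformly random passwords; human-chosen passwords fall well below them under any policy.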