Adam Wolfe Gordon <awg@xvx.ca>

23 November 2007

Stupid Password Systems

I'm going to rant about password systems today. Now, I'm not complaining about what everyone else has already complained about online: requiring 8 characters, requiring special characters, not allowing dictionary words, etc. These are all perfectly good rules: you don't want your passwords to be weak. Sure, they make it hard for people to remember their passwords, but that's just something people are going to have to get used to if they want to trust software with important information. Forcing people to change their passwords every 6 months is silly, and leads to more problems, but I'm not even going to complain about that today.

What I'm going to complain about today is systems that make you dumb down your password. You know, they don't allow special characters, or they truncate your password to 8 characters. It's ridiculous. Proper passwords, where any character is allowed, are just not that hard to implement. So why does anyone do anything else? All it does is make users angry.

Example time! I do my banking at President's Choice Financial. When I first went to set up my PC Financial account, they got me to choose a password for online banking. I was happy to notice that the system at the banking pavilion let me choose a good password (one of the ones I usually use for secure things). Then I got home and tried to log in. "Invalid character in password" it said. What? You mean the password I picked at the bank isn't allowed? It sure would have been nice if the system at the bank had told me that, so I could have picked a different password. I ended up having to call tech support and get them to change my password for me.
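To back up the claim that accepting any character is not hard, here is an added sketch (not part of the original post, and not any bank's code) that hashes the whole password as bytes, next to the truncating design complained about above. The function names, the PBKDF2 iteration count and the sample passwords are assumptions made for this example.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 600_000  # assumed work factor for this example


def _to_bytes(password):
    # Normalise Unicode so every front end (branch kiosk, website)
    # derives the same bytes from the same typed password, then encode.
    # Nothing is rejected and nothing is cut off.
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def hash_password(password, salt=None):
    """Hash the full password: any character, any length."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", _to_bytes(password), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute the hash and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def truncating_hash(password, salt):
    """The weak design: silently keep only the first 8 characters."""
    return hash_password(password[:8], salt)[1]


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    salt, stored = hash_password("correct horse! §ü 🔒 battery staple")
    print(verify_password("correct horse! §ü 🔒 battery staple", salt, stored))
    fixed = b"\x00" * 16  # fixed salt only so the two hashes are comparable
    same = truncating_hash("hunter2!Aq9", fixed) == truncating_hash("hunter2!ZZZZ", fixed)
    print("truncated passwords collide:", same)
```

Because the stored value is a fixed-length hash of the bytes, the character set and length of the password never touch the storage format, so there is nothing to "dumb down".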
