You would think that financial institutions would want individuals to choose really strong passwords that are difficult to guess.\u00a0 But in at least one very big case, you would be wrong.\u00a0 What makes a strong password?\u00a0 Several things:<\/p>\n
Now let’s review the actual guidance given by a very popular broker:<\/p>\n
Your new password must:<\/p>\n
\n\n
- Include 6-8 characters AND numbers <\/span><\/strong><\/li>\n
- Include at least one number BETWEEN the first and last characters<\/li>\n
- Contain no symbols (!,%,# etc.) <\/span><\/strong><\/li>\n
- Cannot match or be a subset of your Login ID<\/li>\n<\/ul>\n<\/blockquote>\n
Examples of valid<\/strong> passwords: kev6in, 2be111, wil1iam<\/p>\n
In other words, they’re violating two very big rules.\u00a0 The 6-8 character rule means that they are limiting the search space, and people cannot put together phrases, which are actually easier to remember than passwords.\u00a0 Removal of symbols from the search space makes it easier for attackers to perform a dictionary attack.<\/p>\n
This site is not alone.\u00a0 Many sites have the same problem, and it is likely a problem with what their security professionals think is the industry standard.\u00a0 Well it’s a bad standard.\u00a0 Who takes on the risk?\u00a0 In the brokerage world, the chances are that you are assuming at least some risk.<\/p>\n","protected":false},"excerpt":{"rendered":"
You would think that financial institutions would want individuals to choose really strong passwords that are difficult to guess.\u00a0 But in at least one very big case, you would be wrong.\u00a0 What makes a strong password?\u00a0 Several things: A lot of characters.\u00a0 The more the merrier.\u00a0 The only limitation on this is that you have … Continue reading “Financial Institutions and Passwords”<\/span><\/a><\/p>\n","protected":false},"author":172,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[87,9],"tags":[32,279,271,280],"class_list":["post-799","post","type-post","status-publish","format-standard","hentry","category-internet","category-security","tag-cybercrime","tag-dictionary-attack","tag-passwords","tag-risk"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/172"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=799"}],"version-history":[{"count":4,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/799\/revisions"}],"predecessor-version":[{"id":803,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/799\/revisions\/803"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}