« Measuring Leadership - What Happens When You're Not There | Main | Get Ready For XaaS Everywhere »

May 07, 2008

Unbelievably Bad Web Password Security

I was shocked today because I had two very strange but similar experiences with passwords. Both involved accounts with online web sites/services, and both involved some pretty fundamentally bad password limitations. I'm half tempted to name the sites here but elected to contact them privately about the issues. What were the issues?

Absurd limitations in user account passwords. The first site would not allow a user password longer than 10 characters. Ah... last I heard, longer passwords (to some extent) are generally better, as long as other policies like requiring caps and numbers mixed in. All of these, including password length, help against brute force attacks. The second site did not allow special characters in the password. Adding a special character here or there is another common method of making passwords more difficult to crack. I just found it strange to run into two sites with such odd password limitations.

Wikipedia has some good information on basic password security. I hope it can be of help to the sites I visited today.

Posted in Security/NAC/Identity Theft |

Technorati Tags: ,

Digg This | Save to del.icio.us

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451e54d69e200e5522b808d8834

Listed below are links to weblogs that reference Unbelievably Bad Web Password Security:

Comments

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

About

What I Do

  • create and grow businesses
        social media and blogger
        product creator and developer
        business development
    convergence
        software and networking,
        microsoft, mobility,
        collaboration, cloud services,
        virtualization, security,
        open source
    music
        guitarist, performer, writer
    video
        production, editing

  • Contact me about the consulting services offered by Converging Network LLC.
    Learn more about social media and how its leveling the playing field in business and thought leadership.

Social Networks

Mitchell Ashley's Profile
Mitchell Ashley's Facebook Profile
Create Your Badge

Twitter Updates

    follow me on Twitter

    Blogs & Podcasts



    Categories

    Archives

    More...

    Featured On

    • MVP blogger at MyVenturePad.com


    • Find the best blogs at Blogs.com.


      Top 10 Security Blogs at Blogs.com.

    Book Quote

    Disclaimer

    • Everything on this blog and my podcast are only my views and opinions, and are not those of my current or past employers, investors, customers or anybody else. I make no representations as to the accuracy, validity, relevance or importance of anything I say here. Some of what is said here could very well be true (most likely by accident), a lot of it is obviously made up, and all of it is only one man's opinion. All spelling and grammatical errors are purposefully placed to throw any lawyers off the trail. And if you are a lawyer, "move along... this isn't the blog you're looking for". Read and listen entirely at your own risk, and please, don't try any of this at home (work or school.) Now, get back to work - before somebody catches you reading blogs all day instead of doing something productive. And yes, consider yourself notified.

    Misc

    Blog powered by TypePad

    Enter your email address:

    Delivered by FeedBurner

    Relevant Info

    Currently Reading

    Previous Reads

    Blogroll