JCPenney passwords insensitive?

1 points by mrt0mat0 ↗ HN
I've been reading articles over the last ten minutes about companies, including banks and credit card companies using case-insensitive passwords. Some articles were a year old but the reason I discovered this because i made the mistake of capitalizing one of the many letters in my password. i hit enter and realized my mistake. Before i could fix the error, it logged me in. I tested this with other letters and mixing it up but it still works.

The other articles I read said they allowed the first letter to be either as some mobile devices auto-capitalize words, and they allow reverse caps to allow for caps locked problems, which already seems dumb but that's beyond my argument. The issue is, with JCP, any combination of password capitalization works.

I have limited understanding of password encryption, but this would make me think two things: they either purposely did this, or they use some encryption that doesn't distinguish between upper and lower case such as LM.

My question is: why would they do this and what should I do? should i inform them or is this more of a "we understand your concern, sir/ma'am, but we have it under control" waste of my time? Also, is this a concern for anyone else?

0 comments

[ 3.1 ms ] story [ 7.0 ms ] thread

No comments yet.