Ask HN: Why the bad password policies?
I'm rotating my passwords and just ran into Bank of America's password policy: no symbols allowed. Turns out they're not the only ones -- there are banks that still restrict lengths, too, and go on the record defending 8-character limits (!!!):
* https://www.google.com/search?q=banks+bad+password+policies&oq=banks+bad+password+policies
* http://arstechnica.com/security/2013/04/why-your-password-cant-have-symbols-or-be-longer-than-16-characters/
These companies obviously have teams of intelligent people working on security, so why do they write extra code to enforce bad policies? There must be some reason.
0 comments
[ 0.24 ms ] story [ 6.8 ms ] threadNo comments yet.