Why Are Financial Companies Forcing Us To Have Weak Passwords?

Your bank or credit card company is probably the last entity you would want forcing you to set an incredibly weak Web password. But it’s not just American Express that wants their customers to use really crappy, easily crackable passwords. Charlie recently discovered that Capital One and, to a lesser extent, Bank of America have limits on their customers’ passwords that force them to choose crappy ones.

I’ve just tried to change my password at CapitalOne and cannot believe the limitations it has.

Here are the requirements for setting a Capital One credit card
password for their website:

“Valid passwords are 8 to 15 characters long, are not case sensitive,
and should not contain spaces. Please use at least one letter and one
number. The following characters are permissible: Aa-Zz, 0-9, ( – ),
and ( _ ).”

And indeed, trying it out, you can use any case you want while logging
in. And symbols aren’t allowed. And you can’t go beyond 15 characters.

Essentially they are REQUIRING you to have weak passwords for CREDIT
CARD INFORMATION.

Bank of America isn’t much better:

  • Must be between 8 – 20 characters
  • Must include at least 1 number and 1 letter
  • Can include uppercase and lowercase letters
  • Can contain the following characters: @ # % * ( ) + = { } / ? ~ ; : ” ‘ , . – _ |
  • Cannot contain any spaces
  • Cannot contain the following characters: $ < > & ^ ! [ ]
  • Cannot be the same as your Online ID

Why limit the length? Why ban the symbols they ban? There’s really no
technical reason for any of these limitations.

Hopefully passwords are something consumers take more and more
seriously, especially in light of account information being stolen
from places like Gawker and Sony. And yet companies housing our
financial data force us into using bad passwords.
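
To put numbers on the two policies quoted above, here is an added example (not part of the reader's letter or either bank's code) that counts how many distinct passwords each rule set allows and expresses that as bits. It assumes the Bank of America symbols are their plain ASCII forms and that Bank of America treats case as significant, which the page does not state; the figures are upper bounds that only hold for randomly chosen passwords.

```python
import math

def count_passwords(letters, digits, symbols, min_len, max_len):
    """Count strings with at least one letter and at least one digit.

    Inclusion-exclusion for each length n:
    all strings - strings without letters - strings without digits
    + strings with neither (symbols only).
    """
    alphabet = letters + digits + symbols
    total = 0
    for n in range(min_len, max_len + 1):
        total += (alphabet ** n
                  - (alphabet - letters) ** n
                  - (alphabet - digits) ** n
                  + symbols ** n)
    return total

def bits(count):
    """Keyspace size as bits (log2 of the number of valid passwords)."""
    return math.log2(count)

# Capital One as quoted: 8 to 15 characters, not case sensitive,
# letters, digits, "-" and "_". Case folding leaves 26 distinct letters.
CAPITAL_ONE = count_passwords(26, 10, 2, 8, 15)

# The same rules if upper and lower case were treated as different.
CAPITAL_ONE_CASED = count_passwords(52, 10, 2, 8, 15)

# Bank of America as quoted: 8 to 20 characters plus the listed symbols.
# Assumption: ASCII forms of the symbols, and case-sensitive matching.
BOA_SYMBOLS = "@#%*()+={}/?~;:\"',.-_|"
BANK_OF_AMERICA = count_passwords(52, 10, len(set(BOA_SYMBOLS)), 8, 20)

def report():
    """Return (policy name, bits) pairs, weakest first."""
    rows = [
        ("Capital One (case-insensitive)", bits(CAPITAL_ONE)),
        ("Capital One rules, case-sensitive", bits(CAPITAL_ONE_CASED)),
        ("Bank of America", bits(BANK_OF_AMERICA)),
    ]
    return sorted(rows, key=lambda row: row[1])

if __name__ == "__main__":
    for name, b in report():
        print(f"{name:36s} {b:6.1f} bits")
```

The gap between the first two rows is what ignoring case costs by itself, with the length cap and symbol ban held fixed.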
