I guess it goes without saying that I’m fairly technically literate and as such I’m pretty well versed in both what makes a strong password and actually using them. I actually have a pair of passwords, one that I use for what I consider my more important logins (company accounts, servers and the like), and another that is for lesser services that if I lost or it got hacked then it wouldn’t be a major compromise of anything.
Given this it’s always particularly disappointing when I find something that I really want to use a strong password for but can’t, because the service in question can’t handle how strong my password is.
Take my new bank account with Lloyds TSB. The password for the internet banking is 6-15 characters, must contains letters and numbers, but cannot contain any spaces or anything non-alphanumeric. Bang goes about 4 characters from my strong password.
Lloyds aren’t alone either. I also have a savings account with Citibank. To log in to their online banking I am not allowed to type in my password by hand, instead I must use an onscreen keyboard with my mouse. Now I’m not quite sure what this is meant to serve, all it does is enter the characters into a regular html input box, you know, easily readable from an add-on or other form of spyware. And even worse the keyboard gives me just 51 possible characters to choose. At least Lloyds let me use both upper and lower case!
Maybe all these places having quite different restrictions on what characters I can use in my password is a cunning ploy to make me use a different password everywhere, but I find it a little disturbing that I’m able to use a stronger password with my online pizza delivery place than with my bank accounts holding thousands of pounds of savings.