You remind me of my bank about 17 years ago. Everyone had to have a 10-character password, exactly, and it had to include exactly 2 numbers and 1 symbol. I wasn’t very knowledgeable about computers at the time and it already felt dumb.
A few years ago my ISP pushed an update to my router that changed the password requirements, invalidating my passwords. Because I couldn’t enter the old password I also couldn’t change the password. I had to do a factory reset.
Might be checking the old password on the new password screen. Easy programming mistake to make I guess? Apply the same validation to all 3 password fields…
At that time my bank allowed up to 6 digits as a password. I kid you not, like a card PIN but for online banking login. I believe the whole banking security relies on their backoffices still running on paper.
That’s what my current bank uses for the web portal now to think of it. Client number, and 6-number PIN. I guess they’re only doing this because they really trust their “unusual activity” protocols, but I’ve got a feeling they really shouldn’t only rely on those.
You remind me of my bank about 17 years ago. Everyone had to have a 10-character password, exactly, and it had to include exactly 2 numbers and 1 symbol. I wasn’t very knowledgeable about computers at the time and it already felt dumb.
A few years ago my ISP pushed an update to my router that changed the password requirements, invalidating my passwords. Because I couldn’t enter the old password I also couldn’t change the password. I had to do a factory reset.
Feels odd to check the password requirements on the enter password screen in addition to the new password screen.
Might be checking the old password on the new password screen. Easy programming mistake to make I guess? Apply the same validation to all 3 password fields…
Ahhh, good catch! You are probably a master of code reviews and QA!
Wow that’s a big oops
17 years ago, jeez. My credit Union’s website is like that. Only its between 8-12 characters. No more, no less.
It’s terrifying.
At that time my bank allowed up to 6 digits as a password. I kid you not, like a card PIN but for online banking login. I believe the whole banking security relies on their backoffices still running on paper.
That’s what my current bank uses for the web portal now to think of it. Client number, and 6-number PIN. I guess they’re only doing this because they really trust their “unusual activity” protocols, but I’ve got a feeling they really shouldn’t only rely on those.