…On Long Passwords

Post by: on February 25, 2011

I like to think I’m fairly security conscious. I have a different password for most of the sites I use. I track them all using Passpack.com. I use it to auto-generate complex passwords whenever I create a new login.

I also use CreditKeeper, which gives me a monthly look at my credit score from all three agencies. Yesterday, I decided to improve the security of my password there. I discovered the following requirements on their password field: length 6-10, only letters and numbers.

That’s unbelievably crappy. Kinda as bad as you can get. They recommend not using dictionary words, but I’ll bet you $100 they don’t check that when you submit.

So, I wrote them the following message:

The extra password that you’ve added to the login system is a fine security improvement. However, as the one site on the internet which contains THE MOST concentrated collection of my financial data, I find it galling that you limit my main password to 10 letters and numbers. That’s a pitiful level of security. I would really like to use a password like this: R

But no, your system is actively preventing me from using a secure password. Thanks.

As expected, I got a non-answer back from them, basically blowing me off.

Time to go looking for another tri-bureau credit report that
a) doesn’t suck
b) is marginally readable
c) doesn’t cost a colossal amount
d) doesn’t run on a VAX in the basement
e) understands how to handle a password

I fear the chance of that is about 0.01%. Just wading through the spam when I do the search is going to be a nightmare.