Wednesday, April 20, 2011

Password Suggestions?

It's no wonder that people are choosing bad or commonly guessed passwords today.  I was having a look over at Citibank's password policies and it seems that the passwords they suggest to customers aren't very secure.  I'm sure Citibank isn't the only guilty party, but I've decided to pick on them today.

Here is what their password policy entails:


Notice the highlighted words they suggest as a combination for your password choice. Using http://www.passwordmeter.com/ as a reference to check the strength of the passwords they suggest, they all seem to score as "weak". While it isn't Citibank's fault when users choose poor passwords, Citibank could take a few extra steps to suggest passwords that are... you know... actually strong?

1 comment:

  1. FYI Citibank's website passwords are not case sensitive, creating an enormous security risk. Recommended solution: double the length of your password. Also, Citibank does not store your password in an encrypted format on its own servers - otherwise they would be impossible to scan for so-called "vulgar" language. This is an even bigger security risk. Shame on you Citibank, these are industry worst practices!
