Wow, Canada Post's password requirements are batshit crazy



UndrgroundRider
05-30-2014, 04:23 PM
I tried to sign up for an online account through Canada Post today and ran into this little hiccup on the password requirements:

http://i.imgur.com/wqnDaMj.jpg

Are you kidding?

No consecutive characters? Maximum of 8? And requires special characters? For a Canada Post account. Jesus.

ercchry
05-30-2014, 04:26 PM
easy, "$pank1" :rofl:

roopi
05-30-2014, 04:27 PM
Don't really seem that bad. I've never seen the consecutive characters before though.

BigMass
05-30-2014, 04:28 PM
I'm glad my bank still lets me use 12345... so convenient...

JustinMCS
05-30-2014, 04:29 PM
Seems normal to me. I work in the IT world tho.

pheoxs
05-30-2014, 04:40 PM
The stupid part is the maximum 8 character part. That would simplify an attack quite significantly (not that anyone cares about your Canada Post account).

The repeating characters I've seen before but never two. It's always been 3 or more so you can't just repeat one character.
I had one person use "Aa!11111" as their password and just changed the numbers every time their password expired.

spikerS
05-30-2014, 05:04 PM
never seen a maximum of 8 before, but usually it is a maximum of 16.

Never seen the repeating characters before though.

Mitsu3000gt
05-30-2014, 05:06 PM
Bank passwords (not pins) are the most surprising to me. I've never been able to use more than 5 or 6 characters, and no special characters. That is one thing you'd think they would give you unlimited flexibility for secure passwords.

jacky4566
05-30-2014, 05:46 PM
Seems silly to me.
This should be standardized and easy.
Minimum 10 characters of whatever should be good enough.
Then make sure to ban all these passwords:

http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time

Backend should be salting and hashing properly so the stored password is a sha-256 or whatever.

Tik-Tok
05-30-2014, 05:48 PM
I'm really getting sick of different password requirements. I need 3 at work alone, and all 3 have different "Must" and "Cannot"s, let alone the dozens of other passwords I need.

The most annoying sites are the ones that force you to reset your password after only 3 tries, and then you can't use the same one again. I think I've changed my Aeroplan password 12 times in the past 3 months because the "remember me" function doesn't work on their site. :facepalm:

UndrgroundRider
05-30-2014, 07:11 PM
Originally posted by Tik-Tok
I'm really getting sick of different password requirements. I need 3 at work alone, and all 3 have different "Must" and "Cannot"s, let alone the dozens of other passwords I need.

The most annoying sites are the ones that force you to reset your password after only 3 tries, and then you can't use the same one again. I think I've changed my Aeroplan password 12 times in the past 3 months because the "remember me" function doesn't work on their site. :facepalm:

The only thing that makes these stupid password requirements worse, is knowing that they add virtually no protection to my account. I wish I could be blissfully ignorant like the people who decided to enforce them in the first place. It's only icing on the cake that this particular list of insane requirements LIMITS your maximum length to 8... fucking really?!?

Hell, half of the sites don't allow you to try the password more than a few times anyway, so there's even less benefit to that kind of complex password.

I just remembered a rather old xkcd about this.

http://imgs.xkcd.com/comics/password_strength.png

spikerS
05-30-2014, 07:18 PM
best way I have found to create a password for anything is to take a line from a song, and use the first letter of each word.

for example:

I want to rock and roll all night and party every day becomes "iwtraranaped"

Throw in the last 2 digits of your birth year, capital and a punctuation and you get:

75Iwtraranaped!

I have found this works every time, and is easy to remember.

hampstor
05-30-2014, 07:22 PM
Not sure why they don't use 2-factor authentication rather than enforce password rules which result in people resetting their passwords on a monthly basis.

D'z Nutz
05-30-2014, 07:45 PM
Originally posted by BigMass
I'm glad my bank still lets me use 12345... so convenient...

That's the stupidest combination I've heard in my life. That's the kind of thing an idiot would have on his luggage.

Tik-Tok
05-30-2014, 07:48 PM
Originally posted by D'z Nutz


That's the stupidest combination I've heard in my life. That's the kind of thing an idiot would have on his luggage.

:rofl: Been too long since I watched that.

SmAcKpOo
05-31-2014, 06:57 PM
Originally posted by spikerS
never seen a maximum of 8 before, but usually it is a maximum of 16.

Never seen the repeating characters before though.

The limit is possibly a limitation on their back end database.

thetransporter
05-31-2014, 11:04 PM
well considering CIBC password allows 123456 ........!.!!.!.
they are keeping up......

jacky4566
05-31-2014, 11:22 PM
Originally posted by SmAcKpOo


The limit is possibly a limitation on their back end database.

You're probably right, but a smart programmer would just parse out the extra data.

0123456789 becomes
01234567

OR hash that down to 8 characters?

But yea internet passwords need a revolution.
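
An added example, not part of any post in this thread: a Python sketch of the scheme jacky4566 describes in the two posts above (minimum length, a banned-password list, salted hashing) and of what truncating input to 8 characters does at login. It uses PBKDF2-HMAC-SHA256 from the standard library rather than a single SHA-256 pass; the denylist entries, the iteration count and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 10
# Constructed stand-in for a "worst passwords" list; load a full list in practice.
DENYLIST = {"12345", "123456", "1234567890", "password", "qwertyuiop"}
ITERATIONS = 600_000  # assumed PBKDF2 work factor for this example


def check_policy(password):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in DENYLIST:
        problems.append("on denylist")
    return problems  # note: no maximum length and no composition rules


def hash_password(password, salt=None):
    """Return (salt, digest); the digest is 32 bytes for any input length."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def truncate8(password):
    """Model of a backend that silently keeps only the first 8 characters."""
    return password[:8]


if __name__ == "__main__":
    print(check_policy("12345"), check_policy("a long constructed passphrase"))
    salt, digest = hash_password("0123456789")
    print(len(digest), verify_password("01234567XX", salt, digest))
    # With truncation, any password sharing the first 8 characters is accepted.
    salt, digest = hash_password(truncate8("0123456789"))
    print(verify_password(truncate8("01234567XX"), salt, digest))
```

Because the stored digest has the same size whatever the password length, the database column width does not have to dictate a maximum password length.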

revelations
05-31-2014, 11:53 PM
keepass

http://keepass.info/

sneek
06-01-2014, 08:36 AM
Originally posted by revelations
keepass

http://keepass.info/

I used Keepass through dropbox (with 2 factor) for years but then I got lazy and switched to LastPass. LastPass is probably less secure, but for everyday usage it makes my life so much easier.

Seth1968
06-01-2014, 09:08 AM
Originally posted by UndrgroundRider

The only thing that makes these stupid password requirements worse, is knowing that they add virtually no protection to my account.

:clap:

Cos
06-01-2014, 02:11 PM
.