Amex Security Fail

As Jeff Atwood pointed out on his blog, security on the web is generally a hard problem and passwords are the Achilles heel of such security. Companies should generally encourage customers to use strong passwords. What really irks me though is when a company like American Express, who should be taking this with the utmost seriousness, tends to limit password complexity.

I am pretty sure that a few months ago the password length could only be a maximum of 8 characters; that seems to have changed. But they still only allow a limited set of special chars and, here’s the kicker, the password is not case sensitive! Is it just me or does this scream out home-grown crypto or some sort of direct pass-through authentication to a legacy system? Bravo Amex, Braaavooo … *slow clap*
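To put numbers on the case-insensitivity complaint, the following is an added example, not code from the original post. The special-character set and the sample password are constructed assumptions, and the fold-before-hash verifier is a hypothetical model of a case-insensitive login, not a description of how Amex's system works.

```python
import hashlib, hmac, math, os, string

# Assumption: the post does not list the permitted special characters,
# so this constructed set of 6 stands in for "a limited set".
ALLOWED_SPECIALS = "%&_?#="

def keyspace_bits(length, case_sensitive, specials=ALLOWED_SPECIALS):
    """Bits of search space for a uniformly random password of `length`."""
    letters = 52 if case_sensitive else 26
    alphabet = letters + len(string.digits) + len(specials)
    return length * math.log2(alphabet)

def enroll(password, fold_case):
    """Store salt + PBKDF2 digest; fold_case models a case-insensitive site."""
    salt = os.urandom(16)
    material = password.lower() if fold_case else password
    digest = hashlib.pbkdf2_hmac("sha256", material.encode(), salt, 100_000)
    return salt, digest, fold_case

def verify(record, attempt):
    """Recompute the digest for an attempt, folding case if the record does."""
    salt, digest, fold_case = record
    material = attempt.lower() if fold_case else attempt
    candidate = hashlib.pbkdf2_hmac("sha256", material.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)

def case_variants(password):
    """Number of distinct spellings a case-insensitive check treats as one."""
    return 2 ** sum(ch.isalpha() for ch in password)

if __name__ == "__main__":
    for n in (8, 12):
        strict_bits = keyspace_bits(n, True)
        folded_bits = keyspace_bits(n, False)
        print(f"length {n}: {strict_bits:.1f} bits case-sensitive, "
              f"{folded_bits:.1f} bits folded "
              f"({strict_bits - folded_bits:.1f} bits lost)")
    sample = "Tr0ub4dor&3"  # constructed sample password
    folded = enroll(sample, fold_case=True)
    strict = enroll(sample, fold_case=False)
    print("folded accepts upper-case:", verify(folded, sample.upper()))
    print("strict accepts upper-case:", verify(strict, sample.upper()))
    print("spellings collapsed into one:", case_variants(sample))
```

With these assumed character sets, folding case costs roughly 0.7 bits per character, which is why raising the length limit alone does not undo the damage.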



  • http://buffered.io/ OJ

    Typical mate. There are so many sites that for some reason are living in the 15th century. It’s bad enough that they limit the characters you’re allowed to enter, but case-insensitivity is just pathetic!

    BTW, I recommend plugging disqus.com into your blog. Way better commenting system, and it’s easy to keep track of who replies to you :)

