Worst Practices at Big Web Sites

2014-10-15
Related: How-To, passphrase, security

See overview of password managers + Making a Strong (Highly Secure) Password.

The stupefying and unfortunate situation is that the very web sites for which a rigorous password matters most (banks and brokerages) often force their customers to use low-quality passwords.

Password restrictions at Schwab.com

The Schwab.com password restrictions as of late 2014, from the screenshot accompanying this article: no more than 8 characters, no symbols or punctuation, so letters and digits only.

The restrictions cap the keyspace at roughly 62^8 (about 2 × 10^14) case-sensitive alphanumeric strings, and far fewer if case is ignored. That is small enough that, should the password database ever leak, a good password cracker with appropriate GPU hardware could recover many passwords in under a day, and every password if the hashes are fast and unsalted. A good cracker does not proceed randomly, but works through dictionaries, names and intelligent combinations of characters first, so the typical user's password falls long before the keyspace is exhausted.

In Schwab's defense, an account is locked after some number of failed login attempts, which blunts online guessing against the login form. But a lockout does nothing once a copy of the password database is in an attacker's hands; that offline case is where the keyspace size matters. If done right (Schwab does not say), the passwords would be stored only as one-way hashes, each with its own random 'salt' value, computed with a deliberately slow function such as bcrypt, scrypt or PBKDF2 rather than a plain fast hash. But with such dumbed-down password restrictions, one has to wonder if the whole thing is a swiss-cheese of worst practices.
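What "done right" looks like for storage, as an added example written for this article (not Schwab's code, whose internals the article cannot see): each password is hashed with PBKDF2-HMAC-SHA256 from the Python standard library, using a random 16-byte salt per account and a high iteration count, and verified with a constant-time comparison. The record format, the 600,000-iteration default and the user names are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

ALGORITHM = "pbkdf2_sha256"
# Assumption: iteration count chosen so one hash costs a noticeable fraction of a
# second of CPU; raise it over time, verify_password() reads the count from the record.
DEFAULT_ITERATIONS = 600_000
SALT_BYTES = 16
DIGEST_BYTES = 32


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a storable record 'alg$iterations$salt_hex$digest_hex'.

    A fresh random salt per call means two users with the same password get
    different records, so a leaked table cannot be attacked with one shared
    rainbow table and equal passwords are not visible as equal hashes.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 iterations, dklen=DIGEST_BYTES)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def _parse(record: str):
    """Split a stored record; raise ValueError on anything malformed."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError("unsupported algorithm")
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iteration count and compare.

    hmac.compare_digest runs in time independent of where the first differing
    byte is, so a remote attacker cannot learn prefix matches from latency.
    """
    try:
        iterations, salt, expected = _parse(record)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    iterations, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True if the record was made with fewer iterations than current policy;
    call hash_password() again at the next successful login to upgrade it."""
    try:
        stored_iterations, _, _ = _parse(record)
    except ValueError:
        return True
    return stored_iterations < iterations


if __name__ == "__main__":
    # Constructed sample accounts; note the two equal passwords hash differently.
    users = {"alice": "kev6in", "bob": "kev6in"}
    table = {name: hash_password(pw) for name, pw in users.items()}
    for name, record in table.items():
        print(name, record)
    print("alice login ok:", verify_password("kev6in", table["alice"]))
    print("alice wrong pw:", verify_password("kev7in", table["alice"]))
```

The stored record carries its own iteration count, so the cost can be raised later for new logins without invalidating existing accounts.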

Observe also the ludicrous and irresponsible suggestions like “kev6in” (a name with a digit stuck into it): hacker OMG heaven. It is trivially guessable if the account holder or a relative is named “Kevin”, since crackers routinely generate exactly these name-plus-digit variants from a list of first names. If MPG can think of it, you can bet that hackers and crackers are a lot smarter about it.
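To put numbers on the two preceding points, here is an added example (not from the article or from Schwab) that sizes the keyspace a policy allows, estimates the time to exhaust it offline at an assumed guess rate, and generates the name-with-a-digit candidates that make “kev6in” a bad idea. The guess rate of 10^10 per second is an assumption standing in for a GPU rig against a fast unsalted hash; the 8-character policy is modelled as case-sensitive letters and digits, which is the most generous reading of "no symbols or punctuation".

```python
from typing import Dict, List

# Character-class sizes; a policy's keyspace depends only on how many symbols it permits.
LOWER, UPPER, DIGITS = 26, 26, 10
PUNCTUATION = 33          # the remaining printable ASCII characters, space included
ALNUM = LOWER + UPPER + DIGITS            # 62
PRINTABLE = ALNUM + PUNCTUATION           # 95

# Assumption: guesses per second for a fast unsalted hash on GPU hardware.
ASSUMED_GUESS_RATE = 1e10


def keyspace(alphabet_size: int, max_len: int, min_len: int = 1) -> int:
    """Number of distinct passwords of every length from min_len to max_len."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def hours_to_exhaust(space: int, guesses_per_second: float = ASSUMED_GUESS_RATE) -> float:
    """Worst case for the attacker: try every candidate once."""
    return space / guesses_per_second / 3600.0


def policy_report(policies: Dict[str, tuple]) -> Dict[str, float]:
    """Map each policy name to hours needed to exhaust it at the assumed rate."""
    return {name: hours_to_exhaust(keyspace(alpha, max_len))
            for name, (alpha, max_len) in policies.items()}


def name_digit_candidates(name: str) -> List[str]:
    """Every string made by inserting one digit somewhere in a name.

    'kevin' yields 6 positions x 10 digits = 60 candidates, 'kev6in' among them;
    a cracker's rule engine produces these from a first-name list in microseconds.
    """
    return [name[:pos] + d + name[pos:]
            for pos in range(len(name) + 1)
            for d in "0123456789"]


def candidates_for_names(names: List[str]) -> List[str]:
    """Name-plus-digit guesses for a list of names, lowercase and capitalised."""
    out: List[str] = []
    for name in names:
        for form in (name.lower(), name.lower().capitalize()):
            out.extend(name_digit_candidates(form))
    return out


if __name__ == "__main__":
    policies = {
        "schwab 2014 (alnum, max 8)": (ALNUM, 8),
        "printable ASCII, max 16": (PRINTABLE, 16),
    }
    for name, hours in policy_report(policies).items():
        print(f"{name}: {hours:,.1f} hours to exhaust")
    # Constructed sample name list; in practice this would be a census first-name file.
    guesses = candidates_for_names(["kevin", "susan", "lloyd"])
    print(len(guesses), "name+digit candidates; 'kev6in' included:", "kev6in" in guesses)
```

Exhausting the 8-character alphanumeric space takes hours at the assumed rate, while a 16-character printable-ASCII space takes longer than the age of the universe; the name-plus-digit list, by contrast, is tiny and is tried before either.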

Schwab ought to be red-faced ashamed of both the limitations and the suggestions. This is security negligence, or put more diplomatically, an abject failure to follow best practices.

Copyright © 2020 diglloyd Inc, all rights reserved.