Worst Practices at Big Web Sites

Last updated 2014-10-15

See overview of password managers + Making a Strong (Highly Secure) Password.

The stupefying and unfortunate situation is that the very web sites for which a rigorous password should be used often require the use of low quality passwords.

Password restrictions at Schwab.com

Shown at right are the Schwab.com password restrictions as of late 2014. No more than 8 characters, no symbols or punctuation.

The restrictions mean that a good password cracker with appropriate hardware could crack many passwords in under a day (a good password cracker doesn’t proceed randomly, but by intelligent combinations of characters).

In Schwab’s defense, an account is locked after some number of failed login attempts. And if done right (Schwab does not say), the passwords would be stored only as one-way hashes, along with appropriate 'salt' values and with the username incorporated. But with such dumbed-down password restrictions, one has to wonder whether the whole thing is a Swiss cheese of worst practices.
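The storage and lockout scheme described above, sketched in Python as an added example (not code from this page or from Schwab): each user gets a random salt, the username is bound into the hashed material, and logins are refused after repeated failures. The choice of PBKDF2-HMAC-SHA256, the iteration count, the lockout threshold of 3 and the `CredentialStore` name are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # constructed work factor; tune for your hardware
MAX_FAILURES = 3       # constructed lockout threshold (the page gives no number)


class CredentialStore:
    """Hypothetical store: keeps only salt + one-way hash, never the password."""

    def __init__(self):
        self._users = {}  # username -> {"salt", "hash", "failures"}

    @staticmethod
    def _derive(username, password, salt):
        # Bind the username into the hashed material so a stored hash
        # cannot be copied onto another account's record.
        material = username.lower().encode() + b"\x00" + password.encode()
        return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS)

    def register(self, username, password):
        salt = os.urandom(16)  # unique per user: equal passwords hash differently
        self._users[username.lower()] = {
            "salt": salt,
            "hash": self._derive(username, password, salt),
            "failures": 0,
        }

    def stored_hash(self, username):
        return self._users[username.lower()]["hash"]

    def login(self, username, password):
        rec = self._users.get(username.lower())
        if rec is None:
            return "denied"
        if rec["failures"] >= MAX_FAILURES:
            return "locked"  # refuse before hashing, even with the right password
        candidate = self._derive(username, password, rec["salt"])
        if hmac.compare_digest(candidate, rec["hash"]):  # constant-time compare
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        return "denied"


if __name__ == "__main__":
    store = CredentialStore()
    store.register("alice", "constructed-sample-passphrase")
    print(store.login("alice", "constructed-sample-passphrase"))
```

Nothing in this scheme requires capping password length or banning symbols, since the hash output has a fixed size whatever the input.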

Observe also the ludicrous and irresponsible suggestions like “kev6in” (a name with a digit in it): hacker OMG heaven. It is easily guessable if the person or a relative of that person is named “Kevin”. If MPG can think of it, you can bet that hackers and crackers are a lot smarter about it.

Schwab ought to be red-faced ashamed of both the limitations and the suggestions. This is security negligence, or put more diplomatically, an abject failure to follow best practices.

Copyright © 2019 diglloyd Inc, all rights reserved.