Worst Practices at Big Web Sites

Last updated 2014-10-15
Related: how-to, passphrase, security

See overview of password managers + Making a Strong (Highly Secure) Password.

The stupefying and unfortunate situation is that the very web sites for which a rigorous password should be used often require the use of low quality passwords.

Password restrictions at Schwab.com

Shown at right are the Schwab.com password restrictions as of late 2014. No more than 8 characters, no symbols or punctuation.

The restrictions mean that a good password cracker with appropriate hardware could crack many passwords in under a day (a good password cracker doesn’t proceed randomly, but by intelligent combinations of characters).

In Schwab’s defense, an account is locked after some number of failed login attempts. And if done right (Schwab does not say), the passwords would be stored only as one-way hashes, along with appropriate 'salt' values and with the username incorporated. But with such dumbed-down password restrictions, one has to wonder if the whole thing is a Swiss cheese of worst practices.

Observe also the ludicrous and irresponsible suggestions like “kev6in” (a name with a digit in it): hacker OMG heaven. Easily guessable if the person or a relative of that person is named “Kevin”. If MPG can think of it, you can bet that hackers and crackers are a lot smarter about it.

Schwab ought to be red-faced ashamed of both the limitations and the suggestions. This is security negligence, or put more diplomatically, an abject failure to follow best practices.
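
The salted one-way storage described above, sketched as an added example (not code from Schwab or from this site): the stored digest has a fixed size whatever the password's length or character set, so a site that stores passwords this way has no technical need for an 8-character, no-symbol limit. PBKDF2-HMAC-SHA256, the iteration count, the salt length and the record layout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 600_000   # assumed PBKDF2 work factor; tune to your hardware
SALT_BYTES = 16        # per-user random salt length (assumption)


def _derive(username, password, salt, iterations):
    # Normalise so the same typed passphrase always yields the same bytes.
    pw = unicodedata.normalize("NFKC", password).encode("utf-8")
    # Random per-user salt with the username mixed in, as the text describes.
    full_salt = salt + username.encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", pw, full_salt, iterations)


def make_record(username, password, iterations=ITERATIONS):
    """Build what the server stores: salt, work factor, digest (never the password)."""
    salt = os.urandom(SALT_BYTES)
    return {"salt": salt, "iterations": iterations,
            "digest": _derive(username, password, salt, iterations)}


def verify(username, password, record):
    """Re-derive from the login attempt and compare in constant time."""
    candidate = _derive(username, password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    short = make_record("kevin", "kev6in")
    long_ = make_record("kevin", "Correct-Horse_Battery! Staple 42 \u00fc")
    # Both digests are 32 bytes: length and symbols cost the site nothing.
    print(len(short["digest"]), len(long_["digest"]))
    print(verify("kevin", "kev6in", short), verify("kevin", "kevin6", short))
```

The slow key-derivation step raises the cost of each offline guess if the stored records leak; it does not make a short or name-based password such as “kev6in” hard to guess.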


Copyright © 2020 diglloyd Inc, all rights reserved.