Monday, February 8, 2010

Amex thinks shorter passwords without special characters are more secure

I was working on a background section of my thesis proposal and was talking about how some misconceptions regarding security policies can result in web sites being a lot less secure. But American Express takes security misconceptions to a new low:

I would like to inform you that our website has a 128 bit encryption. With this base, passwords that comprise only of letters and alphabets create an algorithm that is difficult to crack. We discourage the use of special characters because hacking softwares can recognize them very easily.

And it gets worse!

The length of the password is limited to 8 characters to reduce keyboard contact. Some softwares can decipher a password based on the information of “most common keys pressed”.

Therefore, lesser keys punched in a given frame of time lessen the possibility of the password being cracked.

Uh, no guys. Just no.

Also, the former magazine editor in me is going, "softwares? softwares?!" but that's another problem entirely.

Read the rest of what American Express said and see the screenshot here.

No comments: