Posts Tagged 'Security'

Office 365 does not allow more than 16 character passwords or “Why, why, why???”

Since my first article about a financial institution’s policy on password length I’ve encountered a couple of examples, none of which were really worse than the one I had mentioned before. But today I was happily signing up for Microsoft’s new online services offering and was prompted to change my password (n.b. I was in the trial). I whip out my KeePass, make an entry and get presented with the following:

 

Why oh why would you ever put a maximum length on the password field? Even if the database size is a concern (really?), wouldn’t it make sense to bump the limit to something much longer, like 100 or 200 characters? Even the default security setting for KeePass (which I’m sure many people use) is longer than 16 characters.

I may be Microsoft-friendly and it won’t keep me from using the service, but come on, Microsoft. Ask the guys who wrote the (ludicrously long) method: HashPasswordForStoringInConfigFile.
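To make the storage argument concrete, here is an added example (not code from this post or from Microsoft): a salted PBKDF2 hash produces a stored record of the same size whether the password has 1 character or 200, so database size is no reason for a 16-character cap. The 200-character limit, the iteration count and the function names are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os
import unicodedata

MAX_PASSWORD_CHARS = 200     # assumption: generous cap in the range the post suggests
PBKDF2_ITERATIONS = 200_000  # assumption: work factor picked for this example
SALT_BYTES = 16


def _derive(password: str, salt: bytes) -> bytes:
    # Normalise Unicode so the same passphrase matches across keyboards and OSes.
    normalised = unicodedata.normalize("NFKC", password)
    return hashlib.pbkdf2_hmac(
        "sha256", normalised.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def hash_password(password: str) -> str:
    """Return 'salt_hex$hash_hex'. Spaces, symbols and non-ASCII are all accepted."""
    if not password or len(password) > MAX_PASSWORD_CHARS:
        raise ValueError("password must be 1..%d characters" % MAX_PASSWORD_CHARS)
    salt = os.urandom(SALT_BYTES)
    return salt.hex() + "$" + _derive(password, salt).hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    if not password or len(password) > MAX_PASSWORD_CHARS:
        return False
    salt_hex, hash_hex = stored.split("$")
    candidate = _derive(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


def stored_lengths(passwords):
    """Length of the stored record for each password (constant by construction)."""
    return [len(hash_password(p)) for p in passwords]


if __name__ == "__main__":
    # Constructed sample passwords: short, passphrase with spaces/symbols, very long.
    samples = ["a", "Tr0ub4dor&3 with spaces and \u00fcmlauts!", "x" * 200]
    for pw, size in zip(samples, stored_lengths(samples)):
        print("%3d chars in -> %d chars stored" % (len(pw), size))
```

The upper bound is still worth keeping, because it stops someone from submitting megabytes of "password" to burn server CPU; it just has no reason to be as low as 16.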

 

 

Only secure passwords please, but no special characters, symbols or spaces please.

There are a lot of these personal finance planners online; most recently lil’ mint.com has become the darling of the TechCrunch crowd. They all make life so easy by pulling my transactions from my bank account, credit cards etc. But am I the only one who really thinks that passing on my online banking details to these sites is just a little bit dangerous or even crazy? Sure, they all guarantee that they are safe because they are using SSL (book tip: read http://www.webhackingexposed.com/). Most of them don’t store your username and password, which actually means they pass on your details to some other financial service provider, which (of course) is way cooler. But this service really made me chuckle (the sort of “harhar … har … WTF?” chuckle).

The FAQ:

The registration page:


Maybe I’ve become overly conscious of security topics since I started working for www.securityresearch.at, but if you want to avoid a mistake like this in your app give us a call… I’m not handing out my bank details on any terms, but at least our team can help you reach state-of-the-art levels of security.

