Passwords\!\?

What do the Bank of New Zealand*, The University of Auckland, and GoDaddy have in common?

Their site (usernames and) passwords only support alphanumeric characters.

WTF?

Not only is this disrespectful if your name happens to be ‘O’Connor’ or ‘Lorenz-Macgyver’, but also incredibly worry-some and unprofessional.

If an e-commerce site hasn’t even mastered how to escape punctuation characters in their application, how can they be trusted with processing credit card transactions and other secure information?

Boy, would I like to see that code.


*Of course bank user authentication is a whole other issue. Nonetheless, it is refreshing to see that most NZ banks are now adopting some form of proper, independent, two-stage authentication and finally moving away from the wannabe-secure ‘what was your neighbour’s favourite pet’s name’ secret question method. .

This entry was posted in IT. Bookmark the permalink.

Leave a Reply

Your email address will not be published.