In fairness, not quite.   It's very easy to confine the valid character set
to something small.

Mind you, it's not that much harder to broaden the valid input set, but then
you'd have to more closely sanitize the inputs.  Still not an insurmountable
problem by any means.   Just sheer laziness.

Plus, I'd be interested to see what percentage of providers that have
stupid, limited password inputs, still manage to allow unbounded input
elsewhere in their interface, which could be exploited for SQL injection or
buffer overflow attacks.


*ASB*
*http://about.me/Andrew.S.Baker*
*Harnessing the Advantages of Technology for the SMB market…*



On Wed, Aug 10, 2011 at 10:19 PM, Crawford, Scott <[email protected]> wrote:

> +1 for stupid.
>
> It seems like it’d be harder to code in the limitations than to just let
> you use as long of a password using any characters desired.
>
> *From:* Webster [mailto:[email protected]]
> *Sent:* Wednesday, August 10, 2011 9:17 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Almost, but not quite OT: Passwords
>
> ETrade:
>
> It's easy to change the password you use to log on to your account at
> E*TRADE FINANCIAL. Go to our Change Log-on Password page and select a new
> password that is between six and 32 characters long and contain at least one
> letter and one number. Your new password may contain letters and numbers,
> but no special characters (such as # or %).
>
> My bank:
>
> Passwords must contain 8-13 characters, of which you must have at least one
> number and one letter. (and no special characters allowed either: Webster)
>
> Vanguard:
>
> Your password must have 6 to 10 characters, including at least 2 letters
> and 2 numbers. Don't use spaces.  (and no special characters allowed
> either: Webster)
>
> Absolutely stupid IMNSHO.
>
> Carl Webster
> Consultant and Citrix Technology Professional
> http://www.CarlWebster.com <http://www.carlwebster.com/>
>
> *From:* Webster [mailto:[email protected]]
> *Subject:* RE: Almost, but not quite OT: Passwords
>
> Most financial sites (many banks and investment sites [Vanguard, eTrade])
> do not allow complex passwords!
>
> Carl Webster
> Consultant and Citrix Technology Professional
> http://www.CarlWebster.com <http://www.carlwebster.com/>
>
> *From:* Andrew S. Baker [mailto:[email protected]]
> *Subject:* RE: Almost, but not quite OT: Passwords
>
> And, many apps *still* have limits on password length that hamper passwords
> above 10 or 12 characters.
>
>
>
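
An added example, not code from any poster or provider named in this thread: when a password is only ever hashed and then passed to the database as a bound parameter, no character has to be banned, and a generous length cap still bounds the input. The table layout, the function names, the 1024-byte cap and the PBKDF2 iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

MAX_PASSWORD_BYTES = 1024   # assumed cap: far above 10-13 chars, yet bounded
PBKDF2_ITERATIONS = 200_000  # assumed work factor for this illustration


def open_store():
    """In-memory user table; salt and digest are stored as fixed-size BLOBs."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, digest BLOB)")
    return db


def _derive(password, salt):
    raw = password.encode("utf-8")
    # The only input rule: non-empty and bounded. No character is rejected.
    if not raw or len(raw) > MAX_PASSWORD_BYTES:
        raise ValueError("password length out of bounds")
    # The result is always 32 bytes, whatever characters or length went in,
    # so the database column never has to fit the password itself.
    return hashlib.pbkdf2_hmac("sha256", raw, salt, PBKDF2_ITERATIONS, dklen=32)


def set_password(db, name, password):
    salt = os.urandom(16)
    digest = _derive(password, salt)
    # Placeholders keep user-supplied values out of the SQL text entirely.
    db.execute("INSERT OR REPLACE INTO users VALUES (?, ?, ?)", (name, salt, digest))


def check_password(db, name, password):
    row = db.execute(
        "SELECT salt, digest FROM users WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        return False
    try:
        candidate = _derive(password, row[0])
    except ValueError:
        return False
    return hmac.compare_digest(candidate, row[1])


if __name__ == "__main__":
    db = open_store()
    sample = "it's #1 % \"quoted\"; -- " + "long passphrase " * 4  # constructed
    set_password(db, "alice", sample)
    print(check_password(db, "alice", sample), check_password(db, "alice", "guess"))
```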
