Ok, so my "security-minded" bank requires you to change your web portal password at 45-day intervals. Further, they require a minimum password length and you can't re-use a password within ten change. Oh... and these rules are in place for a service that gets used once every 30 days (so, it's not like you get a chance to memorize your password by frequent use).
Even more fun is that: A) they don't have an online password reset tool once you get locked out; and, B) they only have CSRs available M-F during business hours.
Toss in the fact that passwords may not contain the types of characters I use to make my passwords "suitably complex":
...and this bank's authentication system is kind of a joke.
No comments:
Post a Comment