I believe I saw this post from Digg: Password Security – Or Lack There Of and he has the exact same feelings I have toward American Express’ password requirement, which is so lenient, it’s scary…
My password lengths generally range between 12-16 characters with a mix of lower case, upper case, numbers and symbols, but American Express requires your password be 6-8 characters long. What!?!?! I can’t believe they would enforce such a weak password. I can understand if you have a lower bound of 6 for people who don’t care that their accounts can easily be hacked into, but for people who want to make it harder for the crackers out there, why is the limit so low?
I even b*tched about it to Derek awhile back:
Krunk4Ever: i don’t get any finance website
Derek: ?
Krunk4Ever: that limits you to a password of 6-8 characters
Derek: 🙂
Krunk4Ever: hsbc used to do that
Krunk4Ever: but they’ve fixed it
Krunk4Ever: but amex still limits you to 8
I mean if you applied a password strength to any 6-8 alphanumeric password, it probably won’t ever go beyond medium strength.
Hopefully with all this bad press about American Express’ password weakness, they’ll step up fix this problem.
I was just trying to log into AMEX’s site as I read this 😡